Вы находитесь на странице: 1из 1138

Motorola Solutions

WiNG 5.4 FIPS


Access Point
CLI Reference Guide
MOTOROLA SOLUTIONS WING 5.4 FIPS
ACCESS POINT
CLI REFERENCE GUIDE
MN000257A01
Revision A
November 2013
ii WiNG 5.4 FIPS Access Point CLI Reference Guide

No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without
permission in writing from Motorola Solutions. This includes electronic or mechanical means, such as photocopying,
recording, or information storage and retrieval systems. The material in this manual is subject to change without notice.

The software is provided strictly on an as is basis. All software, including firmware, furnished to the user is on a licensed
basis. Motorola Solutions grants to the user a non-transferable and non-exclusive license to use each software or firmware
program delivered hereunder (licensed program). Except as noted below, such license may not be assigned, sublicensed,
or otherwise transferred by the user without prior written consent of Motorola Solutions. No right to copy a licensed program
in whole or in part is granted, except as permitted under copyright law. The user shall not modify, merge, or incorporate any
form or portion of a licensed program with other program material, create a derivative work from a licensed program, or use
a licensed program in a network without written permission from Motorola Solutions. The user agrees to maintain Motorola
Solutions copyright notice on the licensed programs delivered hereunder, and to include the same on any authorized copies
it makes, in whole or in part. The user agrees not to decompile, disassemble, decode, or reverse engineer any licensed
program delivered to the user or any portion thereof.

Motorola Solutions reserves the right to make changes to any software or product to improve reliability, function, or design.

Motorola Solutions does not assume any product liability arising out of, or in connection with, the application or use of any
product, circuit, or application described herein.

No license is granted, either expressly or by implication, estoppel, or otherwise under any Motorola Solutions, Inc.,
intellectual property rights. An implied license only exists for equipment, circuits, and subsystems contained in Motorola
Solutions products.
TABLE OF CONTENTS

ABOUT THIS GUIDE

Chapter 1, INTRODUCTION
1.1 CLI Overview ...........................................................................................................................................................1-2
1.2 Getting Context Sensitive Help ..............................................................................................................................1-6
1.3 Using the No Command ..........................................................................................................................................1-8
1.3.1 Basic Conventions .........................................................................................................................................1-8
1.4 Using CLI Editing Features and Shortcuts ..............................................................................................................1-9
1.4.1 Moving the Cursor on the Command Line ....................................................................................................1-9
1.4.2 Completing a Partial Command Name .......................................................................................................1-10
1.4.3 Command Output pagination ......................................................................................................................1-10
1.4.4 Creating Profiles .........................................................................................................................................1-10
1.4.5 Change the default profile by creating vlan 150 and mapping to ge2Physical interface ..........................1-11
1.4.6 Remote Administration ...............................................................................................................................1-11

Chapter 2, USER EXEC MODE COMMANDS


2.1 User Exec Commands .............................................................................................................................................2-2
2.1.1 ap-upgrade ....................................................................................................................................................2-4
2.1.2 captive-portal-page-upload ........................................................................................................................2-10
2.1.3 change-passwd ...........................................................................................................................................2-11
2.1.4 clear ............................................................................................................................................................2-12
2.1.5 clock ............................................................................................................................................................2-16
2.1.6 create-cluster ..............................................................................................................................................2-17
2.1.7 crypto ..........................................................................................................................................................2-18
2.1.8 disable .........................................................................................................................................................2-24
2.1.9 enable .........................................................................................................................................................2-25
2.1.10 join-cluster ................................................................................................................................................2-26
2.1.11 l2tpv3 ........................................................................................................................................................2-27
2.1.12 logging ......................................................................................................................................................2-29
2.1.13 exit ............................................................................................................................................................2-30
ii WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.14 mint ...........................................................................................................................................................2-31


2.1.15 no ..............................................................................................................................................................2-33
2.1.16 page ..........................................................................................................................................................2-37
2.1.17 ping ...........................................................................................................................................................2-38
2.1.18 ssh .............................................................................................................................................................2-39
2.1.19 terminal .....................................................................................................................................................2-40
2.1.20 time-it ........................................................................................................................................................2-41
2.1.21 traceroute ..................................................................................................................................................2-42
2.1.22 watch ........................................................................................................................................................2-43

Chapter 3, PRIVILEGED EXEC MODE COMMANDS


3.1 Privileged Exec Mode Commands ..........................................................................................................................3-3
3.1.1 ap-upgrade ....................................................................................................................................................3-5
3.1.2 boot .............................................................................................................................................................3-11
3.1.3 change-passwd ...........................................................................................................................................3-12
3.1.4 clear ............................................................................................................................................................3-13
3.1.5 clock ............................................................................................................................................................3-17
3.1.6 cluster .........................................................................................................................................................3-18
3.1.7 configure .....................................................................................................................................................3-19
3.1.8 copy .............................................................................................................................................................3-20
3.1.9 create-cluster ..............................................................................................................................................3-21
3.1.10 crypto ........................................................................................................................................................3-22
3.1.11 disable .......................................................................................................................................................3-28
3.1.12 enable .......................................................................................................................................................3-29
3.1.13 erase .........................................................................................................................................................3-30
3.1.14 exit ............................................................................................................................................................3-31
3.1.15 fips-license ................................................................................................................................................3-32
3.1.16 halt ............................................................................................................................................................3-34
3.1.17 join-cluster ................................................................................................................................................3-35
3.1.18 l2tpv3 ........................................................................................................................................................3-36
3.1.19 logging ......................................................................................................................................................3-38
3.1.20 mint ...........................................................................................................................................................3-39
3.1.21 no ..............................................................................................................................................................3-41
3.1.22 page ..........................................................................................................................................................3-45
3.1.23 ping ...........................................................................................................................................................3-46
3.1.24 re-elect ......................................................................................................................................................3-47
3.1.25 reload ........................................................................................................................................................3-48
3.1.26 self ............................................................................................................................................................3-49
3.1.27 ssh .............................................................................................................................................................3-50
3.1.28 terminal .....................................................................................................................................................3-51
3.1.29 time-it ........................................................................................................................................................3-52
3.1.30 traceroute ..................................................................................................................................................3-53
3.1.31 upgrade .....................................................................................................................................................3-54
3.1.32 upgrade-abort ...........................................................................................................................................3-55
3.1.33 watch ........................................................................................................................................................3-56
3.1.34 zeroize .......................................................................................................................................................3-57
iii

Chapter 4, GLOBAL CONFIGURATION COMMANDS


4.1 Global Configuration Commands ............................................................................................................................4-3
4.1.1 aaa-policy ......................................................................................................................................................4-5
4.1.2 aaa-tacacs-policy ..........................................................................................................................................4-6
4.1.3 ap71xx ...........................................................................................................................................................4-7
4.1.4 association-acl-policy ...................................................................................................................................4-8
4.1.5 auto-provisioning-policy ...............................................................................................................................4-9
4.1.6 captive portal ..............................................................................................................................................4-10
4.1.7 clear ............................................................................................................................................................4-30
4.1.8 customize ....................................................................................................................................................4-31
4.1.9 device ..........................................................................................................................................................4-39
4.1.10 device-categorization ................................................................................................................................4-40
4.1.11 dhcp-server-policy .....................................................................................................................................4-45
4.1.12 dns-whitelist .............................................................................................................................................4-46
4.1.13 end ............................................................................................................................................................4-51
4.1.14 event-system-policy ..................................................................................................................................4-52
4.1.15 firewall-policy ...........................................................................................................................................4-65
4.1.16 host ...........................................................................................................................................................4-67
4.1.17 ip ...............................................................................................................................................................4-68
4.1.18 inline-password-encryption ......................................................................................................................4-69
4.1.19 l2tpv3 ........................................................................................................................................................4-70
4.1.20 mac ............................................................................................................................................................4-72
4.1.21 management-policy ..................................................................................................................................4-73
4.1.22 meshpoint .................................................................................................................................................4-74
4.1.23 meshpoint-qos-policy ................................................................................................................................4-75
4.1.24 mint-policy ................................................................................................................................................4-76
4.1.25 nac-list ......................................................................................................................................................4-77
4.1.26 no ..............................................................................................................................................................4-83
4.1.27 password-encryption ................................................................................................................................4-88
4.1.28 profile ........................................................................................................................................................4-89
4.1.29 radio-qos-policy ........................................................................................................................................4-92
4.1.30 radius-group ..............................................................................................................................................4-93
4.1.31 radius-server-policy ..................................................................................................................................4-94
4.1.32 radius-user-pool-policy .............................................................................................................................4-95
4.1.33 rf-domain ...................................................................................................................................................4-96
4.1.34 role-policy ...............................................................................................................................................4-115
4.1.35 routing-policy ..........................................................................................................................................4-116
4.1.36 self ..........................................................................................................................................................4-117
4.1.37 smart-rf-policy .........................................................................................................................................4-118
4.1.38 wips-policy ..............................................................................................................................................4-119
4.1.39 wlan ........................................................................................................................................................4-120
4.1.40 wlan-qos-policy .......................................................................................................................................4-165

Chapter 5, COMMON COMMANDS


5.1 Common Commands ...............................................................................................................................................5-2
5.1.1 clrscr ..............................................................................................................................................................5-3
iv WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1.2 commit ..........................................................................................................................................................5-4


5.1.3 exit ................................................................................................................................................................5-5
5.1.4 help ...............................................................................................................................................................5-6
5.1.5 no ................................................................................................................................................................5-10
5.1.6 revert ...........................................................................................................................................................5-12
5.1.7 service .........................................................................................................................................................5-13
5.1.8 show ............................................................................................................................................................5-31
5.1.9 write ............................................................................................................................................................5-33

Chapter 6, SHOW COMMANDS


6.1 show commands .....................................................................................................................................................6-2
6.1.1 show ..............................................................................................................................................................6-4
6.1.2 adoption ........................................................................................................................................................6-8
6.1.3 ap-upgrade ..................................................................................................................................................6-10
6.1.4 boot .............................................................................................................................................................6-11
6.1.5 captive-portal ..............................................................................................................................................6-12
6.1.6 captive-portal-page-upload ........................................................................................................................6-15
6.1.7 cdp ...............................................................................................................................................................6-16
6.1.8 clock ............................................................................................................................................................6-17
6.1.9 cluster .........................................................................................................................................................6-18
6.1.10 commands .................................................................................................................................................6-19
6.1.11 context ......................................................................................................................................................6-20
6.1.12 critical-resources ......................................................................................................................................6-21
6.1.13 crypto ........................................................................................................................................................6-22
6.1.14 event-history .............................................................................................................................................6-25
6.1.15 event-system-policy ..................................................................................................................................6-26
6.1.16 firewall ......................................................................................................................................................6-27
6.1.17 fips-license ................................................................................................................................................6-30
6.1.18 interface ....................................................................................................................................................6-31
6.1.19 ip ...............................................................................................................................................................6-33
6.1.20 ip-access-list-stats ....................................................................................................................................6-38
6.1.21 l2tpv3 ........................................................................................................................................................6-39
6.1.22 licenses .....................................................................................................................................................6-41
6.1.23 lldp ............................................................................................................................................................6-42
6.1.24 logging ......................................................................................................................................................6-43
6.1.25 mac-access-list-stats ................................................................................................................................6-44
6.1.26 mac-address-table ....................................................................................................................................6-45
6.1.27 mint ...........................................................................................................................................................6-46
6.1.28 noc .............................................................................................................................................................6-49
6.1.29 ntp .............................................................................................................................................................6-51
6.1.30 password-encryption ................................................................................................................................6-52
6.1.31 pppoe-client ..............................................................................................................................................6-53
6.1.32 privilege ....................................................................................................................................................6-54
6.1.33 reload ........................................................................................................................................................6-55
6.1.34 rf-domain-manager ...................................................................................................................................6-56
6.1.35 role ............................................................................................................................................................6-57
v

6.1.36 route-maps ................................................................................................................................................6-58


6.1.37 rtls .............................................................................................................................................................6-59
6.1.38 running-config ...........................................................................................................................................6-60
6.1.39 session-changes .......................................................................................................................................6-64
6.1.40 session-config ...........................................................................................................................................6-65
6.1.41 sessions ....................................................................................................................................................6-66
6.1.42 smart-rf .....................................................................................................................................................6-67
6.1.43 spanning-tree ............................................................................................................................................6-70
6.1.44 startup-config ............................................................................................................................................6-73
6.1.45 terminal .....................................................................................................................................................6-74
6.1.46 timezone ....................................................................................................................................................6-75
6.1.47 upgrade-status ..........................................................................................................................................6-76
6.1.48 version .......................................................................................................................................................6-77
6.1.49 vrrp ............................................................................................................................................................6-78
6.1.50 what ..........................................................................................................................................................6-79
6.1.51 wireless .....................................................................................................................................................6-80
6.1.52 wwan ........................................................................................................................................................6-94

Chapter 7, PROFILES
7.1 Profile Config Commands .......................................................................................................................................7-2
7.1.1 ap-upgrade ....................................................................................................................................................7-5
7.1.2 arp .................................................................................................................................................................7-6
7.1.3 auto-learn-staging-config .............................................................................................................................7-7
7.1.4 autoinstall .....................................................................................................................................................7-8
7.1.5 bridge ............................................................................................................................................................7-9
7.1.6 captive-portal ..............................................................................................................................................7-24
7.1.7 cdp ...............................................................................................................................................................7-25
7.1.8 configuration-persistence ...........................................................................................................................7-26
7.1.9 controller .....................................................................................................................................................7-27
7.1.10 critical-resource ........................................................................................................................................7-29
7.1.11 crypto ........................................................................................................................................................7-31
7.1.12 dscp-mapping ............................................................................................................................................7-64
7.1.13 email-notification ......................................................................................................................................7-65
7.1.14 enforce-version .........................................................................................................................................7-67
7.1.15 events ........................................................................................................................................................7-68
7.1.16 export ........................................................................................................................................................7-69
7.1.17 interface ....................................................................................................................................................7-70
7.1.18 ip .............................................................................................................................................................7-154
7.1.19 l2tpv3 ......................................................................................................................................................7-163
7.1.20 led ...........................................................................................................................................................7-164
7.1.21 legacy-auto-downgrade ..........................................................................................................................7-165
7.1.22 lldp ..........................................................................................................................................................7-166
7.1.23 load-balancing ........................................................................................................................................7-167
7.1.24 logging ....................................................................................................................................................7-172
7.1.25 mac-address-table ..................................................................................................................................7-174
7.1.26 memory-profile ........................................................................................................................................7-175
vi WiNG 5.4 FIPS Access Point CLI Reference Guide

7.1.27 meshpoint-device ....................................................................................................................................7-176


7.1.28 meshpoint-monitor-interval ....................................................................................................................7-178
7.1.29 min-misconfiguration-recovery-time ......................................................................................................7-179
7.1.30 mint .........................................................................................................................................................7-180
7.1.31 misconfiguration-recovery-time ..............................................................................................................7-182
7.1.32 neighbor-inactivity-timeout ....................................................................................................................7-183
7.1.33 neighbor-info-interval .............................................................................................................................7-184
7.1.34 no ............................................................................................................................................................7-185
7.1.35 noc ...........................................................................................................................................................7-188
7.1.36 ntp ...........................................................................................................................................................7-189
7.1.37 power-config ...........................................................................................................................................7-191
7.1.38 preferred-controller-group ......................................................................................................................7-192
7.1.39 preferred-tunnel-controller .....................................................................................................................7-193
7.1.40 radius ......................................................................................................................................................7-194
7.1.41 rf-domain-manager .................................................................................................................................7-195
7.1.42 router .......................................................................................................................................................7-196
7.1.43 spanning-tree ..........................................................................................................................................7-197
7.1.44 tunnel-controller .....................................................................................................................................7-200
7.1.45 use ...........................................................................................................................................................7-201
7.1.46 virtual-controller .....................................................................................................................................7-204
7.1.47 vrrp ..........................................................................................................................................................7-205
7.2 Device Config Commands ...................................................................................................................................7-209
7.2.1 area ...........................................................................................................................................................7-214
7.2.2 channel-list ...............................................................................................................................................7-215
7.2.3 contact ......................................................................................................................................................7-216
7.2.4 country-code .............................................................................................................................................7-217
7.2.5 dhcp-redundancy .......................................................................................................................................7-218
7.2.6 floor ...........................................................................................................................................................7-219
7.2.7 hostname ..................................................................................................................................................7-220
7.2.8 layout-coordinates ....................................................................................................................................7-221
7.2.9 license .......................................................................................................................................................7-222
7.2.10 location ...................................................................................................................................................7-223
7.2.11 mac-name ...............................................................................................................................................7-224
7.2.12 neighbor-info-interval .............................................................................................................................7-225
7.2.13 no ............................................................................................................................................................7-226
7.2.14 override-wlan ..........................................................................................................................................7-229
7.2.15 remove-override ......................................................................................................................................7-230
7.2.16 rsa-key .....................................................................................................................................................7-232
7.2.17 sensor-server ..........................................................................................................................................7-233
7.2.18 stats ........................................................................................................................................................7-234
7.2.19 timezone ..................................................................................................................................................7-235
7.2.20 trustpoint .................................................................................................................................................7-236

Chapter 8, AAA-POLICY
8.1 aaa-policy ...............................................................................................................................................................8-3
8.1.1 accounting .....................................................................................................................................................8-4
vii

8.1.2 attribute ........................................................................................................................................................8-7


8.1.3 authentication ...............................................................................................................................................8-8
8.1.4 health-check ................................................................................................................................................8-12
8.1.5 mac-address-format ....................................................................................................................................8-13
8.1.6 no ................................................................................................................................................................8-14
8.1.7 proxy-attribute ............................................................................................................................................8-17
8.1.8 server-pooling-mode ...................................................................................................................................8-18
8.1.9 use ...............................................................................................................................................................8-19

Chapter 9, AUTO-PROVISIONING-POLICY
9.1 auto-provisioning-policy .........................................................................................................................................9-2
9.1.1 adopt .............................................................................................................................................................9-3
9.1.2 default-adoption ...........................................................................................................................................9-6
9.1.3 deny ...............................................................................................................................................................9-7
9.1.4 no ................................................................................................................................................................9-10

Chapter 10, ASSOCIATION-ACL-POLICY


10.1 association-acl-policy .........................................................................................................................................10-2
10.1.1 deny ...........................................................................................................................................................10-3
10.1.2 no ..............................................................................................................................................................10-4
10.1.3 permit ........................................................................................................................................................10-6

Chapter 11, ACCESS-LIST


11.1 ip-access-list .......................................................................................................................................................11-3
11.1.1 deny ...........................................................................................................................................................11-4
11.1.2 no ..............................................................................................................................................................11-9
11.1.3 permit ......................................................................................................................................................11-14
11.2 mac-access-list .................................................................................................................................................11-20
11.2.1 deny .........................................................................................................................................................11-21
11.2.2 no ............................................................................................................................................................11-24
11.2.3 permit ......................................................................................................................................................11-26

Chapter 12, DHCP-SERVER-POLICY


12.1 dhcp-server-policy ..............................................................................................................................................12-2
12.1.1 bootp .........................................................................................................................................................12-3
12.1.2 dhcp-class .................................................................................................................................................12-4
12.1.3 dhcp-pool ................................................................................................................................................12-10
12.1.4 no ............................................................................................................................................................12-52
12.1.5 option ......................................................................................................................................................12-54
12.1.6 ping .........................................................................................................................................................12-55

Chapter 13, FIREWALL-POLICY


13.1 firewall-policy .....................................................................................................................................................13-3
viii WiNG 5.4 FIPS Access Point CLI Reference Guide

13.1.1 alg .............................................................................................................................................................13-4


13.1.2 clamp .........................................................................................................................................................13-5
13.1.3 dhcp-offer-convert ....................................................................................................................................13-6
13.1.4 dns-snoop ..................................................................................................................................................13-7
13.1.5 firewall ......................................................................................................................................................13-8
13.1.6 flow ...........................................................................................................................................................13-9
13.1.7 ip .............................................................................................................................................................13-11
13.1.8 ip-mac .....................................................................................................................................................13-16
13.1.9 logging ....................................................................................................................................................13-18
13.1.10 no ..........................................................................................................................................................13-19
13.1.11 proxy-arp ...............................................................................................................................................13-26
13.1.12 stateful-packet-inspection-12 ...............................................................................................................13-27
13.1.13 storm-control .........................................................................................................................................13-28
13.1.14 virtual-defragmentation ........................................................................................................................13-30

Chapter 14, MINT-POLICY


14.1 mint-policy ..........................................................................................................................................................14-2
14.1.1 level ...........................................................................................................................................................14-3
14.1.2 mtu ............................................................................................................................................................14-4
14.1.3 no ..............................................................................................................................................................14-5

Chapter 15, MANAGEMENT-POLICY


15.1 management-policy ............................................................................................................................................15-2
15.1.1 aaa-login ...................................................................................................................................................15-3
15.1.2 banner .......................................................................................................................................................15-5
15.1.3 https ..........................................................................................................................................................15-6
15.1.4 idle-session-timeout .................................................................................................................................15-7
15.1.5 no ..............................................................................................................................................................15-8
15.1.6 restrict-access .........................................................................................................................................15-11
15.1.7 snmp-server ............................................................................................................................................15-13
15.1.8 ssh ...........................................................................................................................................................15-16
15.1.9 user .........................................................................................................................................................15-17
15.1.10 service ...................................................................................................................................................15-19

Chapter 16, RADIUS-POLICY


16.1 radius-group ........................................................................................................................................................16-2
16.1.1 guest .........................................................................................................................................................16-4
16.1.2 policy .........................................................................................................................................................16-5
16.1.3 rate-limit ...................................................................................................................................................16-8
16.1.4 no ..............................................................................................................................................................16-9
16.2 radius-server-policy ..........................................................................................................................................16-11
16.2.1 authentication .........................................................................................................................................16-13
16.2.2 chase-referral ..........................................................................................................................................16-15
16.2.3 crl-check ..................................................................................................................................................16-16
ix

16.2.4 ldap-group-verification ...........................................................................................................................16-17


16.2.5 ldap-server ..............................................................................................................................................16-18
16.2.6 local .........................................................................................................................................................16-21
16.2.7 nas ...........................................................................................................................................................16-22
16.2.8 no ............................................................................................................................................................16-23
16.2.9 proxy ........................................................................................................................................................16-26
16.2.10 session-resumption ...............................................................................................................................16-28
16.2.11 use .........................................................................................................................................................16-29
16.3 radius-user-pool-policy .....................................................................................................................................16-30
16.3.1 user .........................................................................................................................................................16-31
16.3.2 no ............................................................................................................................................................16-33

Chapter 17, RADIO-QOS-POLICY


17.1 radio-qos-policy ..................................................................................................................................................17-4
17.1.1 accelerated-multicast ...............................................................................................................................17-5
17.1.2 admission-control .....................................................................................................................................17-6
17.1.3 no ..............................................................................................................................................................17-9
17.1.4 smart-aggregation ..................................................................................................................................17-12
17.1.5 wmm .......................................................................................................................................................17-13

Chapter 18, ROLE-POLICY


18.1 role-policy ...........................................................................................................................................................18-2
18.1.1 default-role ...............................................................................................................................................18-3
18.1.2 ldap-deadperiod ........................................................................................................................................18-4
18.1.3 ldap-mode .................................................................................................................................................18-5
18.1.4 ldap-server ................................................................................................................................................18-6
18.1.5 ldap-service ...............................................................................................................................................18-7
18.1.6 ldap-timeout ..............................................................................................................................................18-8
18.1.7 no ..............................................................................................................................................................18-9
18.1.8 user-role ..................................................................................................................................................18-11

Chapter 19, SMART-RF-POLICY


19.1 smart-rf-policy ....................................................................................................................................................19-3
19.1.1 assignable-power .....................................................................................................................................19-4
19.1.2 channel-list ...............................................................................................................................................19-5
19.1.3 channel-width ...........................................................................................................................................19-6
19.1.4 coverage-hole-recovery ............................................................................................................................19-7
19.1.5 enable .......................................................................................................................................................19-9
19.1.6 group-by ..................................................................................................................................................19-10
19.1.7 interference-recovery ..............................................................................................................................19-11
19.1.8 neighbor-recovery ...................................................................................................................................19-13
19.1.9 no ............................................................................................................................................................19-15
19.1.10 root-recovery .........................................................................................................................................19-17
19.1.11 sensitivity ..............................................................................................................................................19-18
x WiNG 5.4 FIPS Access Point CLI Reference Guide

19.1.12 smart-ocs-monitoring ............................................................................................................................19-19


19.1.13 smart-ocs-monitoring (ap7161) .............................................................................................................19-23

Chapter 20, WIPS-POLICY


20.1 wips-policy ..........................................................................................................................................................20-3
20.1.1 ap-detection ..............................................................................................................................................20-4
20.1.2 enable .......................................................................................................................................................20-5
20.1.3 event .........................................................................................................................................................20-6
20.1.4 history-throttle-duration .........................................................................................................................20-10
20.1.5 interference-event ..................................................................................................................................20-11
20.1.6 no ............................................................................................................................................................20-12
20.1.7 signature .................................................................................................................................................20-17
20.1.8 use ...........................................................................................................................................................20-33

Chapter 21, WLAN-QOS-POLICY


21.1 wlan-qos-policy ..................................................................................................................................................21-2
21.1.1 accelerated-multicast ...............................................................................................................................21-3
21.1.2 classification .............................................................................................................................................21-4
21.1.3 multicast-mask ..........................................................................................................................................21-6
21.1.4 no ..............................................................................................................................................................21-7
21.1.5 qos ...........................................................................................................................................................21-10
21.1.6 rate-limit .................................................................................................................................................21-11
21.1.7 svp-prioritization .....................................................................................................................................21-14
21.1.8 voice-prioritization ..................................................................................................................................21-15
21.1.9 wmm .......................................................................................................................................................21-16

Chapter 22, L2TPV3-POLICY


22.1 l2tpv3-policy-commands .....................................................................................................................................22-2
22.1.1 cookie-size ................................................................................................................................................22-4
22.1.2 failover-delay ............................................................................................................................................22-5
22.1.3 force-12-path-recovery .............................................................................................................................22-6
22.1.4 hello-interval .............................................................................................................................................22-7
22.1.5 no ..............................................................................................................................................................22-8
22.1.6 reconnect-attempts .................................................................................................................................22-10
22.1.7 reconnect-interval ...................................................................................................................................22-11
22.1.8 retry-attempts .........................................................................................................................................22-12
22.1.9 retry-interval ...........................................................................................................................................22-13
22.1.10 rx-window-size ......................................................................................................................................22-14
22.1.11 tx-window-size ......................................................................................................................................22-15
22.2 l2tpv3-tunnel-commands ..................................................................................................................................22-16
22.2.1 establishment-criteria .............................................................................................................................22-18
22.2.2 hostname ................................................................................................................................................22-19
22.2.3 local-ip-address ......................................................................................................................................22-20
22.2.4 mtu ..........................................................................................................................................................22-21
xi

22.2.5 no ............................................................................................................................................................22-22
22.2.6 peer .........................................................................................................................................................22-24
22.2.7 router-id ..................................................................................................................................................22-27
22.2.8 session ....................................................................................................................................................22-28
22.2.9 use ...........................................................................................................................................................22-29
22.3 l2tpv3-manual-session-commands ...................................................................................................................22-30
22.3.1 local-cookie .............................................................................................................................................22-32
22.3.2 local-ip-address ......................................................................................................................................22-33
22.3.3 local-session-id .......................................................................................................................................22-34
22.3.4 mtu ..........................................................................................................................................................22-35
22.3.5 no ............................................................................................................................................................22-36
22.3.6 peer .........................................................................................................................................................22-38
22.3.7 remote-cookie .........................................................................................................................................22-39
22.3.8 remote-session-id ...................................................................................................................................22-40
22.3.9 traffic-source ...........................................................................................................................................22-41

Chapter 23, ROUTER-MODE COMMANDS


23.1 router-mode ........................................................................................................................................................23-2
23.1.1 area ...........................................................................................................................................................23-3
23.1.2 auto-cost ...................................................................................................................................................23-4
23.1.3 default-information ...................................................................................................................................23-5
23.1.4 ip ...............................................................................................................................................................23-6
23.1.5 network .....................................................................................................................................................23-7
23.1.6 ospf ...........................................................................................................................................................23-8
23.1.7 passive ......................................................................................................................................................23-9
23.1.8 redistribute ..............................................................................................................................................23-10
23.1.9 route-limit ...............................................................................................................................................23-11
23.1.10 router-id ................................................................................................................................................23-12
23.1.11 vrrp-state-check ....................................................................................................................................23-13
23.1.12 no ..........................................................................................................................................................23-14
23.1.13 OSPF-area-mode ...................................................................................................................................23-16

Chapter 24, ROUTING-POLICY


24.1 routing-policy-commands ...................................................................................................................................24-2
24.1.1 apply-to-local-packets ..............................................................................................................................24-3
24.1.2 logging ......................................................................................................................................................24-4
24.1.3 route-map ..................................................................................................................................................24-5
24.1.4 route-map-mode .......................................................................................................................................24-6
24.1.5 use ...........................................................................................................................................................24-14
24.1.6 no ............................................................................................................................................................24-15

Chapter 25, AAA-TACACS-POLICY


25.1 aaa-tacacs-policy ................................................................................................................................................25-2
25.1.1 accounting .................................................................................................................................................25-3
xii WiNG 5.4 FIPS Access Point CLI Reference Guide

25.1.2 authentication ...........................................................................................................................................25-6


25.1.3 authorization .............................................................................................................................................25-8
25.1.4 no ............................................................................................................................................................25-11

Chapter 26, MESHPOINT


26.1 meshpoint ...........................................................................................................................................................26-2
26.1.1 allowed-vlans ............................................................................................................................................26-4
26.1.2 beacon-format ...........................................................................................................................................26-5
26.1.3 control-vlan ...............................................................................................................................................26-6
26.1.4 data-rates ..................................................................................................................................................26-7
26.1.5 description ..............................................................................................................................................26-10
26.1.6 meshid .....................................................................................................................................................26-11
26.1.7 neighbor ..................................................................................................................................................26-12
26.1.8 no ............................................................................................................................................................26-13
26.1.9 root ..........................................................................................................................................................26-16
26.1.10 security-mode .......................................................................................................................................26-17
26.1.11 service ...................................................................................................................................................26-18
26.1.12 shutdown ..............................................................................................................................................26-19
26.1.13 use .........................................................................................................................................................26-20
26.1.14 wpa2 .....................................................................................................................................................26-21
26.2 meshpoint-qos-policy .......................................................................................................................................26-22
26.2.1 accelerated-multicast .............................................................................................................................26-23
26.2.2 no ............................................................................................................................................................26-24
26.2.3 rate-limit .................................................................................................................................................26-26
26.3 other meshpoint commands .............................................................................................................................26-28
26.3.1 meshpoint-device ....................................................................................................................................26-29
26.3.2 monitor ....................................................................................................................................................26-31
26.3.3 path-method ............................................................................................................................................26-32
26.3.4 preferred .................................................................................................................................................26-33
26.3.5 root ..........................................................................................................................................................26-34
26.3.6 no ............................................................................................................................................................26-35

Chapter 27, KEY ZEROIZATION


27.1 Key Zeroization Process ......................................................................................................................................27-2

Chapter 28, SELF TESTS

Appendix A, CUSTOMER SUPPORT


ABOUT THIS GUIDE

This manual supports the following access points:


Access Points AP7131N, AP7131N-GR, AP7161, AP7181

NOTE: In the access point CLI, AP7131, AP7161, and AP7181 are collectively
represented as AP71XX. This guide is generic for all the three access points. The
examples mentioned in this guide are similar for all access points.

This section is organized into the following:


Document Conventions
Notational Conventions
Motorola Solutions Enterprise Mobility Support Center
Motorola Solutions End-User Software License Agreement
ii WiNG 5.4 FIPS Access Point CLI Reference Guide

Document Conventions
The following conventions are used in this document to draw your attention to important information:

NOTE: Indicates tips or special requirements.

! CAUTION: Indicates conditions that can cause equipment damage or data loss.

WARNING! Indicates a condition or procedure that could result in personal injury or


equipment damage.
iii

Notational Conventions
The following notational conventions are used in this document:
Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related
documents
Bullets () indicate:
lists of alternatives
lists of required steps that are not necessarily sequential
action items
Sequential lists (those describing step-by-step procedures) appear as numbered lists
Understanding Command Syntax
<variable> Variables are described with a short description enclosed within a < and
a > pair.
For example, the command,
[G]ap7131-4AA708>show interface ge 1
is documented as
show interface ge <idx>
show The command Display information
interface The keyword The interface
<idx> The variable ge Index value
| The pipe symbol. This is used to separate the variables/keywords in a list.
For example, the command
[G]ap7131-4AA708> show .....
is documented as
show [adoption|boot|captive-portal|......]
where:
show The command
[adoption|advanced-wips|boot|captive-portal|......] Indicates the
different commands that can be combined with the show command.
However, only one of the above list can be used at a time.
show adoption ...
show boot ...
iv WiNG 5.4 FIPS Access Point CLI Reference Guide

[] Of the different keywords and variables listed inside a [ & ] pair, only
one can be used. Each choice in the list is separated with a | (pipe)
symbol.
For example, the command
[G]ap7131-4AA708# clear ...

is documented as
clear [arp-cache|cdp|crypto|event-
history|firewall|ip|spanning-tree]

where:
clear The command
[arp-cache|cdp|crypto|event-history|firewall|ip|spanning-tree]
Indicates that seven keywords are available for this command and only
one can be used at a time
{} Any command/keyword/variable or a combination of them inside a { &}
pair is optional. All optional commands follow the same conventions as
listed above. However they are displayed italicized.
For example, the command
[G]ap7131-4AA708> show adoption ....

is documented as
show adoption info {on <DEVICE-OR-DOMAIN-NAME>}

Here:
show adoption info The command. This command can also be used as
show adoption info
{on <DEVICE-OR-DOMAIN-NAME>} The optional keyword on <device-
or-domain-name>. The command can also be extended as
show adoption info {on <DEVICE-OR-DOMAIN-NAME>}
Here the keyword {on <DEVICE-OR-DOMAIN-NAME>} is optional.
v

command / keyword The first word is always a command. Keywords are words that must be
entered as is. Commands and keywords are mandatory.
For example, the command,
[G]ap7131-4AA708>show wireless

is documented as
show wireless
where:
show The command
wireless The keyword
() Any command/keyword/variable or a combination of them inside a ( & )
pair are recursive. All recursive commands can be listed in any order and
can be used once along with the rest of the commands.
For example, the command
crypto pki test autogen-subject-name ...
is documented as
[G]ap7131-4AA708#crypto pki test autogen-
subject-name (<URL>,email <EMAIL>,fqdn
<FQDN>,ip-address <IP>)
Here:
crypto pki export request generate-rsa-key <RSA-KEYPAIR-NAME>
auto-gen-subject-name is the command
[G]ap7131-4AA708#crypto pki test autogen-
subject-name

(<URL>,email <EMAIL>,fqdn <FQDN>,ip-address <IP>) is the set of


recursive parameters that can be used in any order.
where every recursive command is separated by a comma ,
vi WiNG 5.4 FIPS Access Point CLI Reference Guide

Motorola Solutions Enterprise Mobility Support Center


If you have a problem with your equipment, contact Motorola Solutions Enterprise Mobility Support for your region.
Contact information is available by visiting the URL:
http://www.motorolasolutions.com/US-EN/Support/Support+Contacts
When contacting Enterprise Mobility support, please provide the following information:
Serial number of the unit
Model number or product name
Software type and version number
Motorola Solutions responds to calls by e-mail, telephone or fax within the time limits set forth in support agreements. If you purchased
your Enterprise Mobility business product from a Motorola Solutions business partner, contact that business partner for support.

Customer Support Web Site


Motorola Solutions' Support Central Web site, provides information and online assistance including developer tools, software downloads,
product manuals and online repair requests. Product support can be found at:
http://supportcentral.motorolasolutions.com/support

Product Manuals
http://supportcentral.motorolasolutions.com/support/product/manuals.do

Product Sales and Product Information


Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, New York 11742-1300
Tel: 1-631-738-2400 or 1-800-722-6234
Fax: 1-631-738-5990

General Information
For general information, contact Motorola Solutions at:
Telephone (North America): 1-800-722-6234
Telephone (International): +1-631-738-5200
Website: http://www.motorolasolutions.com
vii

Motorola Solutions
End-User Software License Agreement
THIS MOTOROLA SOLUTIONS END-USER SOFTWARE LICENSE AGREEMENT (END-USER LICENSE AGREEMENT) IS BETWEEN
MOTOROLA SOLUTIONS INC. (HEREIN MOTOROLA SOLUTIONS) AND END-USER CUSTOMER TO WHOM MOTOROLA SOLUTIONS
PROPRIETARY SOFTWARE OR MOTOROLA SOLUTIONS PRODUCTS CONTAINING EMBEDDED, PRE-LOADED, OR INSTALLED SOFTWARE
(PRODUCTS) IS MADE AVAILABLE. THIS END-USER LICENSE AGREEMENT CONTAINS THE TERMS AND CONDITIONS OF THE LICENSE
MOTOROLA SOLUTIONS IS PROVIDING TO END-USER CUSTOMER, AND END-USER CUSTOMERS USE OF THE SOFTWARE AND
DOCUMENTATION. BY USING, DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU OR THE ENTITY THAT YOU REPRESENT (END-
USER CUSTOMER) ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS END-USER LICENSE AGREEMENT.
1. DEFINITIONS
Documentation means product and software documentation that specifies technical and performance features and
capabilities, and the user, operation and training manuals for the Software (including all physical or electronic media upon
which such information is provided).
Open Source Software means software with either freely obtainable source code license for modification, or permission
for free distribution.
Open Source Software License means the terms or conditions under which the Open Source Software is licensed.
Software (i) means proprietary software in object code format, and adaptations, translations, decompilations,
disassemblies, emulations, or derivative works of such software; (ii) means any modifications, enhancements, new versions
and new releases of the software provided by Motorola Solutions; and (iii) may contain items of software owned by a third
party supplier. The term Software does not include any third party software provided under separate license or third party
software not licensable under the terms of this Agreement. To the extent, if any, that there is a separate license agreement
packaged with, or provided electronically with, a particular Product that becomes effective on an act of acceptance by the
end user, then that agreement supersedes this End-User License Agreement as to the end use of that particular Product.
2. GRANT OF LICENSE
2.1.Subject to the provisions of this End-User License Agreement, Motorola Solutions grants to End-User Customer a
personal, limited, non-transferable (except as provided in Section 4), and non-exclusive license under Motorola
Solutions copyrights and confidential information embodied in the Software to use the Software, in object code form,
and the Documentation solely in connection with End-User Customers use of the Products. This End-User License
Agreement does not grant any rights to source code.
2.2.If the Software licensed under this End-User License Agreement contains or is derived from Open Source Software, the
terms and conditions governing the use of such Open Source Software are in the Open Source Software Licenses of the
copyright owner and not this End-User License Agreement. If there is a conflict between the terms and conditions of
this End-User License Agreement and the terms and conditions of the Open Source Software Licenses governing End-
User Customers use of the Open Source Software, the terms and conditions of the license grant of the applicable Open
Source Software Licenses will take precedence over the license grants in this End-User License Agreement. If
requested by End-User Customer, Motorola Solutions will use commercially reasonable efforts to: (i) determine whether
any Open source Software is provided under this End-User License Agreement; (ii) identify the Open Source Software
and provide End-User Customer a copy of the applicable Open Source Software License (or specify where that license
may be found); and, (iii) provide End-User Customer a copy of the Open Source Software source code, without charge,
if it is publicly available (although distribution fees may be applicable).
3. LIMITATIONS ON USE
3.1.End-User Customer may use the Software only for End-User Customers internal business purposes and only in
accordance with the Documentation. Any other use of the Software is strictly prohibited and will be deemed a breach
of this End-User License Agreement. Without limiting the general nature of these restrictions, End-User Customer will
viii WiNG 5.4 FIPS Access Point CLI Reference Guide

not make the Software available for use by third parties on a time sharing, application service provider, or service
bureau basis or for any other similar commercial rental or sharing arrangement.
3.2.End-User Customer will not, and will not allow or enable any third party to: (i) reverse engineer, disassemble, peel
components, decompile, reprogram or otherwise reduce the Software or any portion to a human perceptible form or
otherwise attempt to recreate the source code; (ii) modify, adapt, create derivative works of, or merge the Software
with other software; (iii) copy, reproduce, distribute, lend, or lease the Software or Documentation to any third party,
grant any sublicense or other rights in the Software or Documentation to any third party, or take any action that would
cause the Software or Documentation to be placed in the public domain; (iv) remove, or in any way alter or obscure, any
copyright notice or other notice of Motorola Solutions proprietary rights; (v) provide, copy, transmit, disclose, divulge
or make the Software or Documentation available to, or permit the use of the Software by any third party or on any
machine except as expressly authorized by this Agreement; or (vi) use, or permit the use of, the Software in a manner
that would result in the production of a copy of the Software solely by activating a machine containing the Software.
End-User Customer may make one copy of Software to be used solely for archival, back-up, or disaster recovery
purposes; provided that End-User Customer may not operate that copy of the Software at the same time as the original
Software is being operated. End-User Customer may make as many copies of the Documentation as it may reasonably
require for the internal use of the Software.
3.3.Unless otherwise authorized by Motorola Solutions in writing, End-User Customer will not, and will not enable or allow
any third party to: (i) install a licensed copy of the Software on more than one unit of a Product; or (ii) copy onto or
transfer Software installed in one unit of a Product onto another device.
3.4.If End-User Customer is purchasing Products that require a site license, End-User Customer must purchase a copy of the
applicable Software for each site at which End-User Customer uses such Software. End-User Customer may make one
additional copy for each computer owned or controlled by End-User Customer at each such site. End-User Customer may
temporarily use the Software on portable or laptop computers at other sites. End-User Customer must provide a written
list of all sites where End-User Customer uses or intends to use the Software.
4. TRANSFERS
4.1.End-User Customer will not transfer the Software or Documentation to any third party without Motorola Solutions prior
written consent. Motorola Solutions consent may be withheld at its discretion and may be conditioned upon transferee
paying all applicable license fees and agreeing to be bound by this End-User License Agreement.
5. OWNERSHIP AND TITLE
5.1.Motorola Solutions, its licensors, and its suppliers retain all of their proprietary rights in any form in and to the Software
and Documentation, including, but not limited to, all rights in patents, patent applications, inventions, copyrights,
trademarks, trade secrets, trade names, and other proprietary rights in or relating to the Software and Documentation.
No rights are granted to End-User Customer under this Agreement by implication, estoppel or otherwise, except for
those rights which are expressly granted to End-User Customer in this End-User License Agreement. All intellectual
property developed, originated, or prepared by Motorola Solutions in connection with providing the Software, Products,
Documentation or related services remains vested exclusively in Motorola Solutions, and End-User Customer will not
have any shared development or other intellectual property rights.
6. CONFIDENTIALITY
6.1.End-User Customer acknowledges that the Software contains valuable proprietary information and trade secrets and
that unauthorized dissemination, distribution, modification, reverse engineering, disassembly or other improper use of
the Software will result in irreparable harm to Motorola Solutions for which monetary damages would be inadequate.
Accordingly, End-User Customer will limit access to the Software to those of its employees and agents who need to use
the Software for End-User Customers internal business.
7. MAINTENANCE AND SUPPORT
7.1.No maintenance or support is provided under this End-User License Agreement. Maintenance or support, if available,
will be provided under a separate Motorola Solutions Software maintenance and support agreement.
ix

8. LIMITED WARRANTY AND LIMITATION OF LIABILITY


8.1.Unless otherwise specified in the applicable warranty statement, the Documentation or in any other media at the time
of shipment of the Software by Motorola Solutions, and for the warranty period specified therein, for the first 120 days
after initial shipment of the Software to the End-User Customer, Motorola Solutions warrants that the Software, when
installed and/or used properly, will be free from reproducible defects that materially vary from its published
specifications. Motorola Solutions does not warrant that End-User Customers use of the Software or the Products will
be uninterrupted or error-free or that the Software or the Products will meet End-User Customers particular
requirements.
8.2.MOTOROLA SOLUTIONS TOTAL LIABILITY, AND END-USER CUSTOMERS SOLE REMEDY, FOR ANY BREACH OF THIS
WARRANTY WILL BE LIMITED TO, AT MOTOROLA SOLUTIONS OPTION, REPAIR OR REPLACEMENT OF THE SOFTWARE
OR PAYMENT OF END-USER CUSTOMERS ACTUAL DAMAGES UP TO THE AMOUNT PAID TO MOTOROLA SOLUTIONS
FOR THE SOFTWARE OR THE INDIVIDUAL PRODUCT IN WHICH THE SOFTWARE IS EMBEDDED OR FOR WHICH IT WAS
PROVIDED. THIS WARRANTY EXTENDS ONLY TO THE FIRST END-USER CUSTOMER; SUBSEQUENT TRANSFEREES
MUST ACCEPT THE SOFTWARE AS IS AND WITH NO WARRANTIES OF ANY KIND. MOTOROLA SOLUTIONS
DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
8.3.IN NO EVENT WILL MOTOROLA SOLUTIONS BE LIABLE FOR SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
INCLUDING, BUT NOT LIMITED TO, LOSS OF USE, TIME OR DATA, INCONVENIENCE, COMMERCIAL LOSS, LOST
PROFITS, OR SAVINGS, TO THE FULL EXTENT SUCH MAY BE DISCLAIMED BY LAW, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. THE LIMITATIONS IN THIS PARAGRAPH WILL APPLY NOTWITHSTANDING ANY
FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
9. TERM AND TERMINATION
9.1.Any use of the Software, including but not limited to use on the Products, will constitute End-User Customers
agreement to this End-User License Agreement. End-User Customers right to use the Software will continue for the
life of the Products with which or for which the Software and Documentation have been provided by Motorola Solutions,
unless End-User Customer breaches this End-User License Agreement, in which case this End-User License Agreement
and End-User Customers right to use the Software and Documentation may be terminated immediately by Motorola
Solutions. In addition, if Motorola Solutions reasonably believes that End-User Customer intends to breach this End-
User License Agreement Motorola Solutions may, by notice to End-User Customer, terminate End-User Customers right
to use the Software.
9.2.Upon termination, Motorola Solutions will be entitled to immediate injunctive relief without proving damages and,
unless End-User Customer is a sovereign government entity, Motorola Solutions will have the right to repossess all
copies of the Software in End-User Customers possession. Within thirty (30) days after termination of End-User
Customers right to use the Software, End-User Customer must certify in writing to Motorola Solutions that all copies
of such Software have been returned to Motorola Solutions or destroyed.
10. UNITED STATES GOVERNMENT LICENSING PROVISIONS
10.1.This Section applies if End-User Customer is the United States Government or a United States Government agency.
End-User Customers use, duplication or disclosure of the Software and Documentation under Motorola Solutions
copyrights or trade secret rights is subject to the restrictions set forth in subparagraphs (c)(1) and (2) of the Commercial
Computer Software-Restricted Rights clause at FAR 52.227-19 (JUNE 1987), if applicable, unless they are being
provided to the Department of Defense. If the Software and Documentation are being provided to the Department of
Defense, End-User Customers use, duplication, or disclosure of the Software and Documentation is subject to the
restricted rights set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 (OCT 1988), if applicable. The Software and Documentation may or may not include a Restricted
Rights notice, or other notice referring to this End-User License Agreement. The provisions of this End-User License
Agreement will continue to apply, but only to the extent that they are consistent with the rights provided to the
End-User Customer under the provisions of the FAR and DFARS mentioned above, as applicable to the particular
procuring agency and procurement transaction.
x WiNG 5.4 FIPS Access Point CLI Reference Guide

11. GENERAL
11.1.Copyright Notices. The existence of a copyright notice on the Software will not be construed as an admission or
presumption that public disclosure of the Software or any trade secrets associated with the Software has occurred.
11.2.Compliance with Laws. End-User Customer acknowledges that the Software is subject to the laws and regulations of
the United States and End-User Customer will comply with all applicable laws and regulations, including export laws
and regulations of the United States. End-User Customer will not, without the prior authorization of Motorola Solutions
and the appropriate governmental authority of the United States, in any form export or re-export, sell or resell, ship or
reship, or divert, through direct or indirect means, any item or technical data or direct of indirect products sold or
otherwise furnished to any person within any territory for which the United States Government or any of its agencies
at the time of the action, requires an export license or other governmental approval. Violation of this provision is a
material breach of this Agreement.
11.3.Third Party Beneficiaries. This End-User License Agreement is entered into solely for the benefit of Motorola Solutions
and End-User Customer. No third party has the right to make any claim or assert any right under this Agreement, and
no third party is deemed a beneficiary of this End-User License Agreement. Notwithstanding the foregoing, any licensor
or supplier of third party software included in the Software will be a direct and intended third party beneficiary of this
End-User License Agreement.
11.4.Waiver. No waiver of a right or remedy of a Party will constitute a waiver of another right or remedy of that Party.
11.5.Assignments. Motorola Solutions may assign any of its rights or sub-contract any of its obligations under this End-User
License Agreement or encumber or sell any of its rights in any Software, without prior notice to or consent of End-User
Customer.
11.6.Causes of Action. End-User Customer must bring any action under this End-User License Agreement within one year
after the cause of action arises except that warranty claims must be brought within the applicable warranty period.
11.7.Entire Agreement and Amendment. This End-User License Agreement contains the parties entire agreement
regarding End-User Customers use of the Software and may be amended only in a writing signed by both parties, except
that Motorola Solutions may modify this End-User License Agreement as necessary to comply with applicable laws and
regulations.
11.8.Governing Law. This End-User License Agreement is governed by the laws of the the State of Delaware in the United
States to the extent that they apply and otherwise by the internal substantive laws of the country to which the Software
is shipped if End-User Customer is a sovereign governmental entity. The terms of the U.N. Convention on Contracts for
the International Sale of Goods do not apply. In the event that the Uniform Computer information Transaction Act, any
version of this Act, or a substantially similar law (collectively UCITA) becomes applicable to a Partys performance
under this Agreement, UCITA does not govern any aspect of this End-User License Agreement or any license granted
under this End-User License Agreement, or any of the parties rights or obligations under this End-User License
Agreement. The governing law will be that in effect prior to the applicability of UCITA.
11.9.Dispute Resolution. Unless End-User Customer is a sovereign governmental entity, any dispute arising from or in
connection with this End-User License Agreement shall be submitted to the sole and exclusive forum of the state and
federal courts sitting in New Castle County, Delaware (the "Delaware Courts"), and each Party irrevocably submits to
the jurisdiction of the Delaware Courts for the litigation of such disputes. Each Party hereby irrevocably waives, and
agrees not to assert in any suit, action or proceeding brought in the Delaware Courts, any claim or defense that the Party
is not subject to the jurisdiction of the Delaware Courts, that the Delaware Courts are an inconvenient forum, or that
the Delaware Courts are an improper venue.
CHAPTER 1
INTRODUCTION
This chapter describes the commands available using the access point Command Line Interface (CLI).
Access the CLI by using:
A terminal emulation program running on a computer connected to the serial port on the access point. The serial port is
located on the front of the access point.
The CLI can also be accessed using Secure Shell (SSH)
Configuration for connecting to a Access Point using a terminal emulator
If connecting through the serial port, use the following settings to configure your terminal emulator:

Bits Per Second 19200


Data Bits 8
Parity None
Stop Bit 1
Flow Control None

When a CLI session is established, complete the following (user input is in bold):
login as: <username>
administrators login password: <password>
User Credentials
Use the following credentials when logging into a device for the first time:

User Name admin


Password 0umP.s45fIOD6

When logging into the CLI for the first time, you are prompted to change the password.
When the user logs onto the device for the first time, the user will have to enter the default password as
0umP.s45fIOD6. On first login, the user will be prompted to change the password. If the user saves the configuration
then the user will have to enter the new password every time else the user will have to enter 0umP.s45fIOD6 on every
reload.
1-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples in this reference guide


Examples used in this reference guide are generic to the each supported access point model. Commands that are not common,
are identified using the notation Supported in the following platforms. For an example, see below:
Supported in the following platforms:
Access Point AP71XX
The above example indicates the command is only available for a AP71XX model access point.

1.1 CLI Overview


The CLI is used for configuring, monitoring, and maintaining the access point managed network. The user interface allows you
to execute commands on APs, using either a serial console or a remote access method.
This chapter describes basic CLI features. Topics covered include an introduction to command modes, navigation and editing
features, help features and command history.
The CLI is segregated into different command modes. Each mode has its own set of commands for configuration, maintenance
and monitoring. The commands available at any given time depend on the mode you are in, and to a lesser extent, the particular
model used. Enter a question mark (?) at the system prompt to view a list of commands available for each command mode/
instance.
Use specific commands to navigate from one command mode to another. The standard order is: USER EXEC mode, PRIV EXEC
mode and GLOBAL CONFIG mode.

NOTE: All the commands in the FIPS build are appended with [G].

[G]ap7131-139B34>
[G]ap7131-139B34>en
[G]ap7131-139B34#config
Enter configuration commands, one per line. End with CNTL/Z.
[G]ap7131-139B34(config)#
INTRODUCTION 1-3

Command Modes
A session generally begins in the USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited
subset of EXEC commands are available in the USER EXEC mode. This level is reserved for tasks that do not change the access
point configuration.
[G]ap7131-4AA708>
The system prompt signifies the device name and the last three bytes of the device MAC address.
To access commands, enter the PRIV EXEC mode (the second access level for the EXEC mode). Once in the PRIV EXEC mode,
enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode.
[G]ap7131-4AA708>enable
[G]ap7131-4AA708#
Most of the USER EXEC mode commands are one-time commands and are not saved across access point reboots. Save the
command by executing commit command. For example, the show command displays the current configuration and the clear
command clears the interface.
Access the GLOBAL CONFIG mode from the PRIV EXEC mode. In the GLOBAL CONFIG mode, enter commands that set general
system characteristics. Configuration modes, allow you to change the running configuration. If you save the configuration later,
these commands are stored across access point reboots.
Access a variety of protocol specific (or feature-specific) modes from the global configuration mode. The CLI hierarchy requires
you to access specific configuration modes only through the global configuration mode.
[G]ap7131-4AA708#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
[G]ap7131-4AA708(config)#
You can also access sub-modes from the global configuration mode. Configuration sub-modes define specific features within
the context of a configuration mode.
[G]ap7131-4AA708(config)#aaa-policy test
[G]ap7131-4AA708(config-aaa-policy-test)#
Table 1.1 summarizes available access point commands.
Table 1.1 Access Point Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode


ap-upgrade ap-upgrade aaa-policy
captive-portal-page-upload boot aaa-tacacs-policy
change-passwd captive-portal-page-upload ap71xx
clear change-passwd association-acl-policy
clock clear auto-provisioning-policy
cluster clock captive-portal
commit cluster clear
create-cluster commit customize
crypto configure device
disable copy device-categorization
enable create-cluster dhcp-server-policy
fips-license crypto dns-whitelist
1-4 WiNG 5.4 FIPS Access Point CLI Reference Guide

Table 1.1 Access Point Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode


help disable event-system-policy
join-cluster enable firewall-policy
l2tpv3 erase help
logging fips-license host
mint halt igmp-snoop-policy
no help inline-password-encryption
page join-cluster ip
ping l2tpv3 l2tpv3
revert logging mac
service mint management-policy
show no meshpoint
ssh page meshpoint-qos-policy
terminal ping mint-policy
time-it re-elect nac-list
traceroute reload no
watch revert password-encryption
write self profile
clrscr service radio-qos-policy
exit show radius-group
ssh radius-server-policy
terminal radius-user-pool-policy
time-it rf-domain
traceroute role-policy
upgrade routing-policy
upgrade-abort self
watch smart-rf-policy
write wips-policy
zeroise wlan
clrscr wlan-qos-policy
exit write
INTRODUCTION 1-5

Table 1.1 Access Point Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode


clrscr
commit
do
end
exit
revert
service
show
1-6 WiNG 5.4 FIPS Access Point CLI Reference Guide

1.2 Getting Context Sensitive Help


Enter a question mark (?) at the system prompt to display a list of commands available for each mode. Obtain a list of arguments
and keywords for any command using the CLI context-sensitive help.
Use the following commands to obtain help specific to a command mode, command name, keyword or argument:

Command Description
(prompt)# help Displays a brief description of the help system
(prompt)# abbreviated-command-entry? Lists commands in the current mode that begin with a particular
character string
(prompt)# abbreviated-command-entry<Tab> Completes a partial command name
(prompt)# ? Lists all commands available in the command mode
(prompt)# command ? Lists the available syntax options (arguments and keywords) for
the command
(prompt)# command keyword ? Lists the next available syntax option for the command

NOTE: The system prompt varies depending on which configuration mode your in.

NOTE: Enter Ctrl + V to use ? as a regular character and not as a character used for
displaying context sensitive help. This is required when the user has to enter a URL that
ends with a ?

NOTE: The escape character used through out the CLI is \. To enter a "\" use "\\"
instead.

When using context-sensitive help, the space (or lack of a space) before the question mark (?) is significant. To obtain a list of
commands that begin with a particular sequence, enter the characters followed by a question mark (?). Do not include a space.
This form of help is called word help, because it completes a word.
[G]ap7131-4AA708#service?
service Service Commands

[G]ap7131-4AA708#service
Enter a question mark (?) (in place of a keyword or argument) to list keywords or arguments. Include a space before the ?.
This form of help is called command syntax help. It shows the keywords or arguments available based on the command/
keyword and argument already entered.
[G]ap7131-4AA708#service ?
clear Remove
cli-tables-skin Choose a formatting layout/skin for CLI tabular outputs
cluster Cluster Protocol
delete Delete sessions
delete-offline-aps Delete Access Points that are configured but offline
enable Enable radiusd loading on low memory devices
force-send-config Resend configuration to the device
INTRODUCTION 1-7

load-balancing Wireless load-balancing service commands


locator Enable leds flashing on the device
mint MiNT protocol
pktcap Start packet capture
pm Process Monitor
radio Radio parameters
radius Radius test
set Set validation mode
show Show running system information
signal Send a signal to a process
smart-rf Smart-RF Management Commands
ssm Command related to ssm
start-shell Provide shell access
trace Trace a process for system calls and signals
wireless Wireless commands

[G]ap7131-4AA708#

It is possible to abbreviate commands and keywords to allow a unique abbreviation. For example, configure terminal can be
abbreviated as config t. Since the abbreviated command is unique, the access point accepts the abbreviation and
executes the command.
Enter the help command (available in any command mode) to provide the following description:
[G]ap7131-4AA708>help ?
search Look for CLI commands related to a specific term
show Show running system information

<cr>
[G]ap7131-4AA708>help
1-8 WiNG 5.4 FIPS Access Point CLI Reference Guide

1.3 Using the No Command


Almost every command has a no form. Use no to disable a feature or function or return it to its default value. Use the command
without the no keyword to re-enable a disabled feature.

1.3.1 Basic Conventions


Keep the following conventions in mind while working within the access point CLI:
Use ? at the end of a command to display available sub-modes. Type the first few characters of the sub-mode and press the
tab key to add the sub-mode. Continue using ? until you reach the last sub-mode.
Pre-defined CLI commands and keywords are case-insensitive: cfg = Cfg = CFG. However (for clarity), CLI commands and
keywords are displayed (in this guide) using mixed case. For example, apPolicy, trapHosts, channelInfo.
Enter commands in uppercase, lowercase, or mixed case. Only passwords are case sensitive.
INTRODUCTION 1-9

1.4 Using CLI Editing Features and Shortcuts


A variety of shortcuts and edit features are available. The following sections describe these features:
Moving the Cursor on the Command Line
Completing a Partial Command Name
Command Output pagination

1.4.1 Moving the Cursor on the Command Line


Table 1.2 Shows the key combinations or sequences to move the command line cursor. Ctrl defines the control key, which must
be pressed simultaneously with its associated letter key. Esc means the escape key (which must be pressed first), followed by
its associated letter key. Keys are not case sensitive. Specific letters are used to provide an easy way of remembering their
functions. In Table 1.2, bold characters indicate the relation between a letter and its function.
Table 1.2 Keystrokes Details

Keystrokes Function Summary Function Details


Left Arrow Back character Moves the cursor one character to the left
or When entering a command that extends beyond a single
Ctrl-B line, press the Left Arrow or Ctrl-B keys repeatedly to move
back to the system prompt.
Right Arrow or Ctrl-F Forward character Moves the cursor one character to the right
Esc- B Back word Moves the cursor back one word
Esc- F Forward word Moves the cursor forward one word
Ctrl-A Beginning of line Moves the cursor to the beginning of the command line
Ctrl-E End of line Moves the cursor to the end of the command line
Ctrl-D Deletes the current character
Ctrl-U Deletes text up to cursor
Ctrl-K Deletes from the cursor to end of the line
Ctrl-P Obtains the prior command from memory
Ctrl-N Obtains the next command from memory
Esc-C Converts the letter at the cursor to uppercase
Esc-L Converts the letter at the cursor to lowercase
Esc-D Deletes the remainder of a word
Ctrl-W Deletes the word up to the cursor
Ctrl-Z Returns to the root prompt
Ctrl-T Transposes the character to the left of the cursor with the
character located at the cursor
Ctrl-L Clears the screen
1 - 10 WiNG 5.4 FIPS Access Point CLI Reference Guide

1.4.2 Completing a Partial Command Name


If you cannot remember a command name (or if you want to reduce the amount of typing you have to perform), enter the first
few letters of a command, then press the Tab key. The command line parser completes the command if the string entered is
unique to the command mode. If your keyboard does not have a Tab key, press Ctrl-L.
The CLI recognizes a command once you have entered enough characters to make the command unique. If you enter conf
within the privileged EXEC mode, the CLI associates the entry with the configure command, since only the configure command
begins with conf.
In the following example, the CLI recognizes a unique string in the privileged EXEC mode when the Tab key is pressed:
[G]ap7131-4AA708# conf<Tab>
[G]ap7131-4AA708# configure
When using the command completion feature, the CLI displays the full command name. The command is not executed until the
Return or Enter key is pressed. Modify the command if the full command was not what you intended in the abbreviation. If
entering a set of characters (indicating more than one command), the system lists all commands beginning with that set of
characters.
Enter a question mark (?) to obtain a list of commands beginning with that set of characters. Do not leave a space between the
last letter and the question mark (?).
For example, entering U lists all commands available in the current command mode:
[G]ap7131-4AA708# co?
commit Commit all changes made in this session
configure Enter configuration mode
copy Copy from one file to another
[G]ap7131-4AA708#

NOTE: The characters entered before the question mark are reprinted to the screen to
complete the command entry.

1.4.3 Command Output pagination


Output often extends beyond the visible screen length. For cases where output continues beyond the screen, the output is
paused and a
--More--
prompt displays at the bottom of the screen. To resume the output, press the Enter key to scroll down one line or press the
Spacebar to display the next full screen of output.

1.4.4 Creating Profiles


Profiles are sort of a template representation of configuration. The system has:
a default access point AP71XX profile
The following command displays default AP71XX profile:
[G]ap7131-4AA708(config)#profile ap71xx default-ap71xx
[G]ap7131-4AA708(config-profile-default-ap71xx)#
[G]ap7131-4AA708(config-profile-default-ap71xx)#show context
profile ap71xx default-ap71xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
INTRODUCTION 1 - 11

crypto ikev1 remote-vpn


crypto ikev2 remote-vpn
crypto auto-ipsec-secure
interface radio1
interface radio2
interface radio3
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
--More--

1.4.5 Change the default profile by creating vlan 150 and mapping to ge2Physical interface
Logon to the access point in config mode and follow the procedure below:
[G]ap7131-4AA708(config-profile-default-ap71xx)# interface vlan 150
[G]ap7131-4AA708(config-profile-default-ap71xx-if-vlan150)## ip address 192.168.150.20/
24
[G]ap7131-4AA708(config-profile-default-ap71xx-if-vlan150)## exit
[G]ap7131-4AA708(config-profile-default-ap71xx)#interface ge 2
[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)#
[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)#switchport access vlan 150
[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)#
[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)# commit write
[OK]
[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)#show interface vlan 150
Interface vlan150 is UP
Hardware-type: vlan, Mode: Layer 3, Address: 00-04-96-4A-A7-08
Index: 4, Metric: 1, MTU: 1500
IP-Address: unassigned
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0

[G]ap7131-4AA708(config-profile-default-ap71xx-if-ge2)#

1.4.5.1 Viewing Configured APs


To view previously configured APs, enter the following command:
[G]ap7131-139B34#show wireless ap configured
---------------------------------------------------------------------------------------
IDX NAME MAC PROFILE RF-DOMAIN ADOPTED-BY DEVICE-TYPE FIPS-LICENSE
---------------------------------------------------------------------------------------
1 ap7131-139B34 00-23-68-13-9B-34 default-ap71xx default un-adopted ap7131
False
---------------------------------------------------------------------------------------
[G]ap7131-139B34#

1.4.6 Remote Administration


A terminal server may function in remote administration mode if either the terminal services role is not installed on the machine
or the client used to invoke the session has enabled the admin access point.
A terminal emulation program running on a computer connected to the serial port on the access point. The serial port is
located on the front of the access point.
AP can be accessing using SSH also. Motorola Solutions recommends using SSH for remote administration tasks.
1.4.6.1 Accessing CLI through SSH
By default, SSH is enabled from the factory settings on the access point. The access point requires an IP address and login
credentials.
To enable SSH access in the default profile, login through the serial console. Perform the following:
1 - 12 WiNG 5.4 FIPS Access Point CLI Reference Guide

1. Access the GLOBAL CONFIG mode from the PRIV EXEC mode.
[G]ap7131-4AA708> en
[G]ap7131-4AA708# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
2. Go to default management-policy mode.
[G]ap7131-4AA708(config)# management-policy default
[G]ap7131-4AA708(config-management-policy-default)#
3. Enter SSH at the command prompt.
[G]ap7131-4AA708(config-management-policy-default)# ssh
4. Log into the wireless access point through SSH using appropriate credentials.
5. Use the following credentials when logging on to the device for the first time:

User Name admin


Password 0umP.s45fIOD6

When logging into the access point for the first time, you are prompted to change the password.
To change the user credentials:
[G]ap7131-139B34> login: admin
Password:
System is currently using the factory default login credentials.
Please change the default password to protect from unauthorized access.
Enter new password:
Password for user 'admin' changed successfully.
Please write this password change to memory ("write memory") to make the change persistent
[G]ap7131-139B34>write memory
CHAPTER 2
USER EXEC MODE COMMANDS
Logging in to the access point places you within the USER EXEC command mode. Typically, a login requires a user name and
password. You have three login attempts before the connection attempt is refused. USER EXEC commands (available at the
user level) are a subset of the commands available at the privileged level. In general, USER EXEC commands allow you to
connect to remote devices, perform basic tests and list system information.
To list available USER EXEC commands, use ? at the command prompt. The USER EXEC prompt consists of the device host name
followed by an angle bracket (>).
[G]ap7131-4AA708>?
Command commands:
ap-upgrade AP firmware upgrade
captive-portal-page-upload Captive portal advanced page upload
change-passwd Change password
clear Clear
clock Configure software system clock
cluster Cluster commands
commit Commit all changes made in this session
create-cluster Create a cluster
crypto Encryption related commands
debug Debugging functions
disable Turn off privileged mode command
enable Turn on privileged mode command
fips-license FIPS license management command
help Description of the interactive help system
join-cluster Join the cluster
l2tpv3 L2tpv3 protocol
logging Modify message logging facilities
mint MiNT protocol
no Negate a command or set its defaults
page Toggle paging
ping Send ICMP echo messages
revert Revert changes
service Service Commands
show Show running system information
ssh Open an ssh connection
terminal Set terminal line parameters
time-it Check how long a particular command took between
request and completion of response
traceroute Trace route to destination
watch Repeat the specific CLI command at a periodic
interval
write Write running configuration to memory or
terminal
clrscr Clears the display screen
exit Exit from the CLI
[G]ap7131-4AA708>
2-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1 User Exec Commands


Table 2.1 summarizes User Exec Mode commands.
Table 2.1 User Exec Mode Commands

Command Description Reference


ap-upgrade Enables an automatic adopted AP firmware upgrade page 2-4
captive-portal- Configures captive-portal-page-upload settings page 2-10
page-upload
change-passwd Changes the password of a logged user page 2-12
clear Resets the last saved command page 2-12
clock Configures the system clock page 2-16
create-cluster Creates a new cluster on a specified device page 2-17
crypto Enables encryption page 2-18
disable Turns off (disables) the privileged mode command set page 2-24
enable Turns on (enables) the privileged mode command set page 2-25
join-cluster Adds a wireless controller to an existing cluster of devices page 2-26
l2tpv3 Establishes or brings down Layer 2 Tunneling Protocol Version 3 (L2TPV3) tunnel page 2-27
logging Modifies message logging facilities page 2-29
exit Ends the current CLI session and closes the session window page 2-30
mint Configures MiNT protocol page 2-31
no Negates a command or sets its default value page 2-33
page Toggles to the wireless controller paging function page 2-37
ping Sends ICMP echo messages to a user-specified location page 2-38
ssh Opens an SSH connection between two network devices page 2-39
terminal Sets the length/number of lines displayed within the terminal window page 2-40
time-it Verifies the time taken by a particular command between request and response page 2-41
traceroute Traces the route to a defined destination page 2-42
watch Repeats a specific CLI command at a periodic interval page 2-43
clrscr Clears the display screen page 5-4
commit Commits (saves) changes made in the current session page 5-4
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
USER EXEC MODE COMMANDS 2-3

Table 2.1 User Exec Mode Commands

Command Description Reference


service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
2-4 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.1 ap-upgrade
User Exec Commands
Enables automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once
APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to the wireless controller.
The AP upgrade command also upgrades APs in a specified RF Domain.
Supported in the following platforms:
Access Points AP71XX
Syntax
ap-upgrade [<MAC/HOSTNAME>|all|ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx|
cancel-upgrade|load-image|rf-domain]

ap-upgrade [<MAC/HOSTNAME>] {no-reboot|reboot-time <TIME>|


upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}

ap-upgrade all {no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|


reboot-time <TIME>}} {(staggered-reboot)}
ap-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all
{no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}

ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all|ap621|ap622|ap650|ap6511|ap6521|ap6522|


ap6532|ap71xx|on]
ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all]
ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all
ap-upgrade cancel-upgrade on rf-domain [<RF-DOMAIN-NAME>|all]

ap-upgrade load-image [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx]


<IMAGE-URL>

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {no-reboot|no-via-rf-domain|reboot-time <TIME>|
staggered-reboot|upgrade-time <TIME>}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6522|ap6521|ap6532|ap71xx] {no-reboot {staggered-reboot}|
reboot-time <TIME> {staggered-reboot}}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6532|ap71xx] {no-via-rf-domain {no-reboot|reboot-time <TIME>|
upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}} {(staggered-reboot)}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}
Parameters
ap-upgrade <MAC/HOSTNAME> {no-reboot|reboot-time <TIME>|upgrade-time <TIME>
{no-reboot|reboot-time <TIME>}}

<MAC/HOSTNAME> Upgrades firmware on a specified AP or all APs adopted by the wireless controller
<MAC/HOSTNAME> Specify the APs MAC address or hostname.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the device must be manually
restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
USER EXEC MODE COMMANDS 2-5

upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade


{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade
(the wireless controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

ap-upgrade all {no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|


reboot-time <TIME>}} {(staggered-reboot)}

all Upgrades firmware on all APs adopted by the wireless controller


no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade on all adopted APs
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade
(the wireless controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all


{no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}

[ap621|ap622| Upgrades firmware on all adopted APs


ap650|ap6511| AP621 all Upgrades firmware on all AP621s
ap6521|ap6522|
AP622 all Upgrades firmware on all AP622s
ap6532|ap71xx] all
AP650 all Upgrades firmware on all AP650s
AP6511 all Upgrades firmware on all AP6511s
AP6521 all Upgrades firmware on all AP6521s
AP6522 all Upgrades firmware on all AP6522s
AP6532 all Upgrades firmware on all AP6532s
AP71XX all Upgrades firmware on all AP71XXs
After selecting the AP type, you can schedule an automatic upgrade and/or an automatic reboot.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Optional. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
2-6 WiNG 5.4 FIPS Access Point CLI Reference Guide

upgrade-time <TIME> Optional. Schedules firmware upgrade on an AP adopted by the wireless controller
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade
(the wireless controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all]

cancel-upgrade Cancels scheduled firmware upgrade on a specified AP or all APs adopted by the wireless
[<MAC/HOSTNAME>| controller
all] <MAC/HOSTNAME> Cancels scheduled upgrade on a specified AP. Specify the APs MAC
address or hostname.
all Cancels scheduled upgrade on all APs

ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap651|ap6521|ap6522|ap6532|ap71xx] all

cancel-upgrade Cancels scheduled firmware upgrade on all adopted APs


[ap621|ap622|ap650| AP621 all Cancels scheduled upgrade on all AP621s
ap6511|ap6521|
AP622 all Cancels scheduled upgrade on all AP622s
ap6522|ap6532|
ap71xx] all AP650 all Cancels scheduled upgrade on all AP650s
AP6511 all Cancels scheduled upgrade on all AP6511s
AP6521 all Cancels scheduled upgrade on all AP6521s
AP6522 all Cancels scheduled upgrade on all AP6522s
AP6532 all Cancels scheduled upgrade on all AP6532s
AP71XX all Cancels scheduled upgrade on all AP71XXs

ap-upgrade cancel-upgrade on rf-domain [<DOMAIN-NAME>|all]

cancel-upgrade on Cancels scheduled firmware upgrade on a specified RF Domain or all RF Domains


rf-domain <RF-DOMAIN-NAME> Cancels scheduled upgrade on a specified RF Domain. Specify the RF
[<RF-DOMAIN-NAME>| Domain name.
all]
all Cancels scheduled upgrades on all RF Domains
USER EXEC MODE COMMANDS 2-7

ap-upgrade load-image [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx]


<IMAGE-URL>

load-image Loads AP firmware images on the wireless controller. Select the AP type and provide the location
[ap621|ap622|ap650| of the AP firmware image.
ap6511|ap6521| AP621 <IMAGE-URL> Loads AP621 firmware image
ap6522|ap6532|
AP622 <IMAGE-URL> Loads AP622 firmware image
ap71xx]
AP650 <IMAGE-URL> Loads AP650 firmware image
AP6511 <IMAGE-URL> Loads AP6511 firmware image
AP6521 <IMAGE-URL> Loads AP6521 firmware image
AP6522 <IMAGE-URL> Loads AP6522 firmware image
AP6532 <IMAGE-URL> Loads AP6532 firmware image
AP71XX <IMAGE-URL> Loads AP71XX firmware image
<IMAGE-URL> Specify the AP firmware image location in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {no-reboot {staggered-reboot}|reboot-time <TIME>
{staggered-reboot}}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
[all|ap621|ap622| After specifying the RF Domain, select the AP type.
ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit
2-8 WiNG 5.4 FIPS Access Point CLI Reference Guide

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {no-via-rf-domain {no-reboot|reboot-time <TIME>|
upgrade-time <TIME> {no-reboot|reboot-time <TIME>}} {(staggered-reboot)}}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
[all|ap621|ap622| After specifying the RF Domain, select the AP type.
ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
no-via-rf-domain Upgrades APs from the adopted device
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade
(the wireless controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
USER EXEC MODE COMMANDS 2-9

[all|ap621|ap622| After specifying the RF Domain, select the AP type.


ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
upgrade <TIME> Schedules AP firmware upgrade
<TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit
Examples
[G]ap7131-139B34>ap-upgrade default/ap7131-139B34 no-reboot
[G]ap7131-139B34>
2 - 10 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.2 captive-portal-page-upload
User Exec Commands
Configures captive-portal-page-upload settings
Supported in the following platforms:
Access Points AP71XX
Syntax
captive-portal-page-upload [<CAPTIVE-PORTAL>|cancel-upload|load-file]

captive-portal-page-upload load-file <CAPTIVE-PORTAL> <URL>

captive-portal-page-upload <CAPTIVE-PORTAL> [DEVICE-NAME upload-time <WORD>|


all upload-time <WORD>|rf-domain [DOMAIN-NAME|all]]

captive-portal-page-upload <CAPTIVE-PORTAL> rf-domain [DEVICE-NAME|all]


{no-via-rf-domain upload-time <WORD>|upload-time <WORD>}
Parameters
captive-portal-page-upload load-file <CAPTIVE-PORTAL> <URL>

captive-portal-page- Configures captive-portal-page upload settings


upload load-file Loads the advanced page information
<CAPTIVE-PORTAL> <URL> Specify the name of the captive portal (must be existing and
configured)
URL Specify the location of file pages to be uploaded
URLs: sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

captive-portal-page-upload <CAPTIVE-PORTAL> [DEVICE-NAME upload-time <WORD>|all


upload-time <WORD>|rf-domain [DOMAIN-NAME|all]]

captive-portal-page- Configures captive-portal-page upload settings


upload <CAPTIVE- <CAPTIVE-PORTAL> <URL> Specify the name of the captive portal (must be existing and
PORTAL> [DEVICE- configured)
NAME upload-time DEVCIE-NAME Specify the name/MAC address of the AP
<WORD>| all Uploads all the access points
all upload-time upload-time <WORD> Specify a schedule upload time
<WORD>| <WORD> Specify the upload time in MM/DD/YYYY-HH:MM or HH:MM format
rf-domain [DOMAIN- rf-domain Uploads all access points belonging to an RF Domain
NAME|all]] DOMAIN-NAME Specify a domain name
all Uploads to all RF domains

<rf-domain [DEVICE-NAME|all] {no-via-rf-domain upload-time<WORD>|upload-time <WORD>}

rf-domain [DEVICE- Uploads all access points belonging to an RF Domain.


NAME|all] DEVICE-NAME Specify the name/MAC address of the AP.
{no-via-rf-domain
all Uploads all the access points.
upload-time
no-via-rf-domain Uploads APs from the adopted device
<WORD>|
upload-time Specify a schedule upload time
upload-time
<WORD> Specify the upload time in MM/DD/YYYY-HH:MM or HH:MM format
<WORD>}
Examples
[G]ap7131-139B34>captive-portal-page-upload test rf-domain rfsdomain upload-time 11/11/
2013-10:10
[G]ap7131-139B34>
USER EXEC MODE COMMANDS 2 - 11

2.1.3 change-passwd
User Exec Commands
Changes the password of a logged user. When this command is executed without any parameters, the password can be
changed interactively.
Supported in the following platforms:
Access Points AP71XX
Syntax
change-passwd {<OLD-PASSWORD>} <NEW-PASSWORD>
Parameters
change passwd {<OLD-PASSWORD>} <NEW-PASSWORD>

<OLD-PASSWORD> Optional. The password can also be changed interactively. To do so, press [Enter] after the
<NEW-PASSWORD> command.
<OLD-PASSWORD> Optional. Specify the old password to be changed.
<NEW-PASSWORD> Specify the new password to change to.
Usage Guidelines
A password must be from 8 - 64 characters.
Examples
[G]ap7131-4AA708>change-passwd
Enter old password:
Enter new password:
Password for user 'admin' changed successfully
Please write this password change to memory(write memory) to be persistent.
[G]ap7131-4AA708#write memory
OK
[G]ap7131-4AA708>
2 - 12 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.4 clear
User Exec Commands
Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific
commands only. The information cleared using this command varies depending on the mode where the clear command is
executed.
Supported in the following platforms:
Access Points AP71XX
Syntax
clear [arp-cache|cdp|crypto|event-history|ip|lldp|rtls|spanning-tree|vrrp]

clear arp-cache {on <DEVICE-NAME>}

clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

clear crypto [ike|ipsec] sa


clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}
clear crypto ipsec sa {on <DEVICE-NAME>}

clear event-history

clear ip [dhcp|ospf]
clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}
clear ip ospf process {on <DEVICE-NAME>}

clear rtls [aeroscout|ekahau]


clear rtls [aeroscout|ekahau] {<DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|
on <DEVICE-OR-DOMAIN-NAME>}

clear spanning-tree detected-protocols {interface|on}


clear spanning-tree detected-protocols {on <DEVICE-NAME>}
clear spanning-tree detected-protocols {interface [<INTERFACE-NAME>|ge <1-2>|
pppoe1|vlan <1-4094>]} {on <DEVICE-NAME>}

clear vrrp [error-stats|stats] {on <DEVICE-NAME>}


Parameters
clear arp-cache {on <DEVICE-NAME>}

arp-cache Clears Address Resolution Protocol (ARP) cache entries on an AP or wireless controller. This
protocol matches the layer 3 IP addresses to the layer 2 MAC addresses.
on <DEVICE-NAME> Optional. Clears ARP cache entries on a specified AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

cdp Clears Cisco Discovery Protocol (CDP) table entries


lldp Clears Link Layer Discovery Protocol (LLDP) table entries
neighbors Clears CDP or LLDP neighbor table entries based on the option selected in the preceding step
on <DEVICE-NAME> Optional. Clears CDP or LLDP neighbor table entries on a specified AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
USER EXEC MODE COMMANDS 2 - 13

clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}

crypto Clears encryption module database


ike sa [<IP>|all] Clears Internet Key Exchange (IKE) security associations (SAs)
<IP> Clears IKE SAs for a certain peer
all Clears IKE SAs for all peers
on <DEVICE-NAME> Optional. Clears IKE SA entries, for a specified peer or all peers, on a specified AP or wireless
controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear crypto ipsec sa {on <DEVICE-NAME>}

crypto Clears encryption module database


ipsec sa Clears Internet Protocol Security (IPSec) database security associations (SAs)
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears IPSec SA entries on a specified AP or wireless
controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear event-history

event-history Clears event history cache entries

clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}

ip Clears a Dynamic Host Configuration Protocol (DHCP) servers IP address bindings entries
dhcp bindings Clears DHCP connections and server bindings
<IP> Clears specific address binding entries. Specify the IP address to clear binding entries.
all Clears all address binding entries
on <DEVICE-NAME> Optional. Clears a specified address bindings or all address bindings on a specified AP or
wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller
clear ip ospf process {on <DEVICE-NAME>}

ip ospf process Clears already enabled open shortest path first (OSPF) process and restarts the process
on <DEVICE-NAME> Optional. Clears OSPF process on a specified AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller
2 - 14 WiNG 5.4 FIPS Access Point CLI Reference Guide

clear rtls [aeroscout|ekahau] {<DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|


on <DEVICE-OR-DOMAIN-NAME>}

rtls Clears Real Time Location Service (RTLS) statistics


aeroscout Clears RTLS Aeroscout statistics
ekahau Clears RTLS Ekahau statistics
<DEVICE-NAME> This keyword is common to the aeroscout and ekahau parameters.
<DEVICE-NAME> Optional. Clears Aeroscout or Ekahau RTLS statistics on a specified AP
or wireless controller
<DEVICE-OR-DOMAIN- This keyword is common to all of the above.
NAME> <DEVICE-OR-DOMAIN-NAME> Optional. Clears Aeroscout or Ekahau RTLS statistics on a
specified AP, wireless controller, or RF Domain

clear spanning-tree detected-protocols {on <DEVICE-NAME>}

spanning-tree Clears spanning tree protocols on an interface, and also restarts protocol migration
detected-protocols Restarts protocol migration
on <DEVICE-NAME> Optional. Clears spanning tree protocol on a specified AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear spanning-tree detected-protocols {interface [<INTERFACE-NAME>|ge <1-2>|


pppoe1|vlan <1-4094>|wwan1]} {on <DEVICE-NAME>}

spanning-tree Clears spanning tree protocols on an interface and restarts protocol migration
detected-protocols Restarts protocol migration
interface Optional. Clears spanning tree protocols on different interfaces
[<INTERFACE-NAME>| <INTERFACE-NAME> Clears detected spanning tree protocol on a specified interface.
ge <1-2>|pppoe1| Specify the interface name.
vlan <1-4094>|wwan1]
ge <1-2> Clears detected spanning tree protocol for the selected GigabitEthernet
interface. Select the GigabitEthernet interface index from 1 - 2.
pppoe1 Clears detected spanning tree protocol for Point-to-Point Protocol over
Ethernet (PPPoE) interface.
vlan <1-4094> Clears detected spanning tree protocol for the selected VLAN interface.
Select a Switch Virtual Interface (SVI) VLAN ID from 1- 4094.
wwan1 Clears detected spanning tree protocol for wireless WAN interface.
on <DEVICE-NAME> Optional. Clears spanning tree protocol entries on a selected AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
clear vrrp [error-stats|stats] {on <DEVICE-NAME>}

vrrp Clears Virtual Router Redundancy Protocol (VRRP) statistics for a device
error-stats Clears global error statistics
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears VRRP global error statistics on a selected AP or
wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
USER EXEC MODE COMMANDS 2 - 15

stats Clears VRRP related statistics


{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears VRRP related statistics on a selected AP or
wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708>>clear event-history

[G]ap7131-4AA708>clear ip dhcp bindings 172.16.19.9 on ap7131-4AA708

[G]ap7131-4AA708>clear spanning-tree detected-protocols interface ge 1

[G]ap7131-4AA708>clear lldp neighbors on ap7131-4AA708

[G]ap7131-4AA708>show cdp neighbors


--------------------------------------------------------------------------------
Device ID Neighbor IP Platform Local Intrfce Port ID Duplex
--------------------------------------------------------------------------------
ap7131-4AA708 169.254.155.52 AP7131N ge1 ge1 full
--------------------------------------------------------------------------------
[G]ap7131-4AA708>

[G]ap7131-4AA708>clear cdp neighbors


2 - 16 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.5 clock
User Exec Commands
Sets a devices system clock
Supported in the following platforms:
Access Points AP71XX
Syntax
clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}
Parameters
clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}

clock set Sets a devices software system clock


<HH:MM:SS> Sets the current time (in military format hours, minutes and seconds)
<1-31> Sets the numerical day of the month
<MONTH> Sets the month of the year (Jan to Dec)
<1993-2035> Sets a valid four digit year from 1993 - 2035
on <DEVICE-NAME> Optional. Sets the clock on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708>clock set 15:22:20 19 Jun 2012

[G]ap7131-4AA708>show clock
2012-06-19 15:22:41 UTC
[G]ap7131-4AA708>
USER EXEC MODE COMMANDS 2 - 17

2.1.6 create-cluster
User Exec Commands
Creates a new cluster on a specified device
Supported in the following platforms:
Access Points AP71XX
Syntax
create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}
Parameters
create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}

create-cluster Creates a cluster


name Configures the cluster name
<CLUSTER-NAME> <CLUSTER-NAME> Specify a cluster name
ip <IP> Specifies the devices IP address used for cluster creation
<IP> Specify the devices IP address in A.B.C.D format
level [1|2] Optional. Configures the clusters routing level
1 Configures level 1 (local) routing
2 Configures level 2 (inter-site) routing
Examples
[G]ap7131-4AA708>create-cluster name Cluster1 ip 172.16.10.1 level 1 ges
[G]ap7131-4AA708>

Related Commands

join-cluster Adds a wireless controller, as a member, to an existing cluster of wireless controllers


2 - 18 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.7 crypto
User Exec Commands
Enables digital certificate configuration and RSA Keypair management. Digital certificates are issued by CAs and contain user
or device specific information, such as name, public key, IP address, serial number, company name etc. Use this command to
generate, delete, export, or import encrypted RSA Keypairs and generate Certificate Signing Request (CSR).
This command also enables trustpoint configuration. Trustpoints contain the CAs identity and configuration parameters.
Supported in the following platforms:
Access Points AP71XX
Syntax
crypto [key|pki]

crypto key [generate|zeroise]


crypto key generate rsa <RSA-KEYPAIR-NAME> <1024-2048> {on <DEVICE-NAME>}

crypto key zeroise rsa <RSA-KEYPAIR-NAME> {force {on <DEVICE-NAME>}|on <DEVICE-NAME>}

crypto pki [authenticate|export|generate|import|zeroise]

crypto pki authenticate <TRUSTPOINT-NAME> <LOCATION-URL>


{background {on <DEVICE-NAME>}|on <DEVICE-NAME>}

crypto pki export request


crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
[autogen-subject-name|subject-name]
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name [<EXPORT-TO-URL>, email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>]
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name <EXPORT-TO-URL> {background {on <DEVICE-NAME>}|
on <DEVICE-NAME>}
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY> <ORGANIZATION>
<ORGANIZATION-UNIT> [<EXPORT-TO-URL>, email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>]

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|


use-rsa-key] <RSA-KEYPAIR-NAME> [autogen-subject-name|subject-name]
crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|
use-rsa-key] <RSA-KEYPAIR-NAME> autogen-subject-name {email <SEND-TO-EMAIL>,
fqdn <FQDN>, ip-address <IP>, on <DEVICE-NAME>}
crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|
use-rsa-key] <WORD> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY>
<ORGANIZATION> <ORGANIZATION-UNIT> {email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>, on <DEVICE-NAME>}

crypto pki import [certificate|crl]


crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>
{background {on <DEVICE-NAME>}|on <DEVICE-NAME>}]
crypto pki zeroise trustpoint <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|
on <DEVICE-NAME>}
USER EXEC MODE COMMANDS 2 - 19

Parameters
crypto key generate rsa <RSA-KEYPAIR-NAME> <1024-2048> {on <DEVICE-NAME>}

key Enables RSA Keypair management. Use this command to export, import, generate, or delete a
RSA key.
generate rsa Generates a new RSA Keypair
<RSA-KEYPAIR-NAME> <RSA-KEYPAIR-NAME> Specify the RSA Keypair name.
<1024-2048> <1024-2048> Sets the size of the RSA key in bits from 1024 - 2048. The default size is
1024.
on <DEVICE-NAME> Optional. Generates the new RSA Keypair on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto key zeroise <RSA-KEYPAIR-NAME> {force {on <DEVICE-NAME>}|on <DEVICE-NAME>}

key Enables RSA Keypair management. Use this command to export, import, generate, or delete a
RSA key.
zeroise rsa Deletes a specified RSA Keypair
<RSA-KEYPAIR-NAME> <RSA-KEYPAIR-NAME> Specify the RSA Keypair name.
Note: All device certificates associated with this key will also be deleted.
force Optional. Forces deletion of all certificates associated with the specified RSA Keypair.
{on <DEVICE-NAME>} Optionally specify a device (AP/wireless controller) on which to force certificate deletion.
on <DEVICE-NAME> Optional. Deletes all certificates associated with the RSA Keypair on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki authenticate <TRUSTPOINT-NAME> <URL> {background {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

pki Enables Private Key Infrastructure (PKI) management. Use this command to authenticate, export,
generate, or delete a trustpoint and its associated Certificate Authority (CA) certificates.
authenticate Authenticates a trustpoint and imports the corresponding CA certificate
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify the trustpoint name.
<URL> Specify CAs location in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
Note: The CA certificate is imported from the specified location.
background Optional. Performs authentication in the background. Optionally specify a device (AP/wireless
{on <DEVICE-NAME>} controller) on which to perform authentication.
on <DEVICE-NAME> Optional. Performs authentication on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
2 - 20 WiNG 5.4 FIPS Access Point CLI Reference Guide

crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>


autogen-subject-name [<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address <IP>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
export request Exports Certificate Signing Request (CSR) to the CA for digital identity certificate. The CSR
contains applicants details and RSA Keypairs public key.
[generate-rsa-key| Generates a new RSA Keypair or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If using
an existing RSA Keypair, specify its name.
autogen-subject-name Auto generates subject name from configuration parameters. The subject name identifies the
certificate.
<EXPORT-TO-URL> Specify the CAs location in the following format:
{background sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
{on <DEVICE-NAME}|
Note: The CSR is exported to the specified location.
on <DEVICE-NAME>}
background Optional. Performs export operation in the background
on <DEVICE-NAME> Optional. Performs export operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the CAs e-mail address.
fqdn <FQDN> Exports CSR to a specified Fully Qualified Domain Name (FQDN)
<FQDN> Specify the CAs FQDN.
ip address <IP> Exports CSR to a specified device or system
<IP> Specify the CAs IP address.

crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>


subject-name <COUNTRY> <STATE> <CITY> <ORGANIZATION> <ORGANIZATION-UNIT>
[<EXPORT-TO-URL>, email <SEND-TO-EMAIL>, fqdn <FQDN>, ip-address <IP>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
export request Exports CSR to the CA for a digital identity certificate.The CSR contains applicants details and
RSA Keypairs public key.
[generate-rsa-key| Generates a new RSA Keypair or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If
using an existing RSA Keypair, specify its name.
subject-name Specifies subject name to identify the certificate
<COMMON-NAME> <COMMON-NAME> Sets the common name used with the CA certificate. The name should
enable you to identify the certificate easily (2 to 64 characters).
USER EXEC MODE COMMANDS 2 - 21

<COUNTRY> Sets the deployment country name (2 character ISO code)


<STATE> Sets the state name (2 to 64 characters)
<CITY> Sets the city name (2 to 64 characters)
<ORGANIZATION> Sets the organization name (2 to 64 characters)
<ORGANIZATION-UNIT> Sets the organization unit (2 to 64 characters)
<EXPORT-TO-URL> Specify the CAs location in the following format:
{background sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
{on <DEVICE-NAME}|
Note: The CSR is exported to the specified location.
on <DEVICE-NAME>}
background Optional. Performs export operation in the background
on <DEVICE-NAME> Optional. Performs export operation on a specific device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the CAs e-mail address.
fqdn <FQDN> Exports CSR to a specified FQDN
<FQDN> Specify the CAs FQDN.
ip address <IP> Exports CSR to a specified device or system
<IP> Specify the CAs IP address.

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]


<RSA-KEYPAIR-NAME> autogen-subject-name [email <SEND-TO-EMAIL>, fqdn <FQDN>, ip-address
<IP>, on <DEVICE-NAME>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
generate Generates a CA certificate and a trustpoint
self-signed Generates a self-signed CA certificate and a trustpoint
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify a name for the certificate and its trustpoint.
[generate-rsa-key| Generates a new RSA Keypair, or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If using
an existing RSA Keypair, specify its name.
autogen-subject-name Auto generates the subject name from the configuration parameters. The subject name helps to
identify the certificate
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the e-mail address of the CA.
fqdn <FQDN> Exports CSR to a specified FQDN
<FQDN> Specify the FQDN of the CA.
2 - 22 WiNG 5.4 FIPS Access Point CLI Reference Guide

ip-address <IP> Exports CSR to a specified device or system


<IP> Specify the IP address of the CA.
on <DEVICE-NAME> Exports the CSR on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]


<RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY> <ORGANIZATION>
<ORGANIZATION-UNIT> [email <SEND-TO-EMAIL>, fqdn <FQDN>, ip-address <IP>, on <DEVICE-
NAME>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
generate self-signed Generates a self-signed CA certificate and a trustpoint
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify a name for the certificate and its trustpoint.
[generate-rsa-key| Generates a new RSA Keypair, or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If using
an existing RSA Keypair, specify its name.
subject-name Specify a subject name to identify the certificate.
<COMMON-NAME> <COMMON-NAME> Specify the common name used with the CA certificate. The name
should enable you to identify the certificate easily.
<COUNTRY> Sets the deployment country name (2 character ISO code)
<STATE> Sets the state name (2 to 64 characters)
<CITY> Sets the city name (2 to 64 characters)
<ORGANIZATION> Sets the organization name (2 to 64 characters)
<ORGANIZATION-UNIT> Sets the organization unit (2 to 64 characters)
email Exports the CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the CAs e-mail address.
fqdn <FQDN> Exports the CSR to a specified FQDN
<FQDN> Specify the CAs FQDN.
ip address <IP> Exports the CSR to a specified device or system
<IP> Specify the CAs IP address.

crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>


{background {on <DEVICE-NAME>}|on <DEVICE--NAME>}

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
import Imports certificates, Certificate Revocation List (CRL), or a trustpoint to the selected device
USER EXEC MODE COMMANDS 2 - 23

[certificate|crl] Imports a signed server certificate or CRL


<TRUSTPOINT-NAME> certificate Imports signed server certificate
crl Imports CRL
<TRUSTPOINT-NAME> Specify the trustpoint name (should be authenticated).
<IMPORT-FROM-URL> Specify the signed server certificate or CRL source address in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
background Optional. Performs import operation in the background
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Performs import operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
on <DEVICE-NAME> Optional. Performs import operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki zeroise trustpoint <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
zeroise Deletes a trustpoint and its associated CA certificate, server certificate, and private key
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify the trustpoint name (should be authenticated).
del-key Optional. Deletes the private key associated with the server certificate
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Deletes private key on a specific device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
on <DEVICE-NAME> Optional. Deletes the trustpoint on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708>crypto key generate rsa key 1025
RSA Keypair successfully generated
[G]ap7131-4AA708>

[G]ap7131-4AA708>crypto pki generate self-signed word generate-rsa-key word autogen-


subject-name fqdn word
Successfully generated self-signed certificate
[G]ap7131-4AA708>

[G]ap7131-4AA708>crypto pki zeroize trustpoint word del-key


Successfully removed the trustpoint and associated certificates
%Warning: Applications associated with the trustpoint will start using default-trustpoint
[G]ap7131-4AA708>

[G]ap7131-4AA708>crypto pki authenticate word url background on WiNG


Import of CA certificate started in background
[G]ap7131-4AA708>
Related Commands

no Removes server certificates, and trustpoints and their associated certificates


2 - 24 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.8 disable
User Exec Commands
This command can be executed in the Priv Exec Mode only. it turns off (disables) the privileged mode command set and returns
to the User Executable Mode. The prompt changes from [G]ap7131-4AA708# to [G]ap7131-4AA708>.
Supported in the following platforms:
Access Points AP71XX
Syntax
disable
Parameters
None
Examples
[G]ap7131-4AA708#disable
[G]ap7131-4AA708>
USER EXEC MODE COMMANDS 2 - 25

2.1.9 enable
User Exec Commands
Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
Supported in the following platforms:
Access Points AP71XX
Syntax
enable
Parameters
None
Examples
[G]ap7131-4AA708>enable
[G]ap7131-4AA708#
2 - 26 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.10 join-cluster
User Exec Commands
Adds a wireless controller, as a member, to an existing cluster of wireless controllers. Use this command to add a new wireless
controller to an existing cluster. Before adding the wireless controller, assign a static IP address to it.
Supported in the following platforms:
Access Points AP71XX
Syntax
join-cluster <IP> user <USERNAME> password <WORD> {level|mode}
join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode [active|standby]}
Parameters
join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode [active|standby]}

join-cluster Adds a new wireless controller to an existing cluster


<IP> Specify the IP address of the cluster member.
user <USERNAME> Specify a user account with super user privileges on the new cluster member
password <WORD> Specify password for the account specified in the user parameter
level [1|2] Optional. Configures the routing level
1 Configures level 1 routing
2 Configures level 2 routing
mode [active|standby] Optional. Configures the cluster mode
active Configures this cluster as active
standby Configures this cluster to be on standby mode
Usage Guidelines
To add a wireless controller to an existing cluster:
A static IP address must be configured on the wireless controller being added.
Username and password of one of the following accounts, superuser, network admin, system admin, or operator account
for the new wireless controller must be provided.
Once a wireless controller is added to the cluster, a manual write memory command must be executed. Without this
command, the configuration will not persist across reboots.
Examples
Related Commands
[G]ap7131-4AA708#join-cluster 172.16.10.10 user admin password motorola
Joining cluster at 172.16.10.10... Done
Please execute write memory to save cluster configuration.

[G]ap7131-4AA708#
Related Commands

create-cluster Creates a new cluster on a specified device


USER EXEC MODE COMMANDS 2 - 27

2.1.11 l2tpv3
User Exec Commands
Establishes or brings down a Layer 2 Tunnel Protocol Version 3 (L2TPV3) tunnel
Supported in the following platforms:
Access Points AP71XX
Syntax
l2tpv3 tunnel [<TUNNEL-NAME>|all]
l2tpv3 tunnel <TUNNEL-NAME> [down|session|up]
l2tpv3 tunnel <TUNNEL-NAME> [down|up] {on <DEVICE-NAME>}
l2tpv3 tunnel <TUNNEL-NAME> session <SESSION-NAME> [down|up] {on <DEVICE-NAME>}
l2tpv3 tunnel all [down|up] {on <DEVICE-NAME>}
Parameters
l2tpv3 tunnel <TUNNEL-NAME> [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings down L2TPV3 tunnel


<TUNNEL-NAME> Specifies the tunnel name to establish or bring down
[down|up] down Brings down the specified tunnel
up Establishes the specified tunnel
on <DEVICE-NAME> Optional. Establishes or brings down a tunnel on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

l2tpv3 tunnel <TUNNEL-NAME> session <SESSION-NAME> [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings downs L2TPV3 tunnel


<TUNNEL-NAME> Establishes or brings down a specified session inside an L2TPV3 tunnel
[session <TUNNEL-NAME> Specify the tunnel name.
<SESSION-NAME>] session <SESSION-NAME> Specify the session name.
[down|up] down Brings down the specified session
up Establishes the specified session
on <DEVICE-NAME> Optional. Establishes or brings down a tunnel session on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

l2tpv3 tunnel all [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings down L2TPV3 tunnel


all [down|up] Establishes or brings down all L2TPV3 tunnels
down Brings down all tunnels
up Establishes all tunnels
on <DEVICE-NAME> Optional. Establishes or brings down all tunnels on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
2 - 28 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
[G]ap7131-4AA708>l2tpv3 tunnel Tunnel1 session Tunnel1Session1 up on ap7131-4AA708
[G]ap7131-4AA708>

NOTE: For more information on the L2TPV3 tunnel configuration mode and commands,
see Chapter 22, L2TPV3-POLICY.
USER EXEC MODE COMMANDS 2 - 29

2.1.12 logging
User Exec Commands
Modifies message logging settings
Supported in the following platforms:
Access Points AP71XX
Syntax
logging monitor {<0-7>|alerts|critical|debugging|emergencies|errors|informational|
notifications|warnings}
Parameters
logging monitor {<0-7>|alerts|critical|debugging|emergencies|errors|informational|
notifications|warnings}

monitor Sets the terminal lines logging levels. The logging severity levels can be set from 0 - 7. The system
configures default settings, if no logging severity level is specified.
<0-7> Optional. Specify the logging severity level from 0-7. The various levels and their
implications are as follows:
alerts Optional. Immediate action needed (severity=1)
critical Optional. Critical conditions (severity=2)
debugging Optional. Debugging messages (severity=7)
emergencies Optional. System is unusable (severity=0)
errors Optional. Error conditions (severity=3)
informational Optional.Informational messages (severity=6)
notifications Optional. Normal but significant conditions (severity=5)
warnings Optional. Warning conditions (severity=4)
Examples
[G]ap7131-4AA708>logging monitor warnings
[G]ap7131-4AA708>show logging

Logging module: enabled


Aggregation time: disabled
Console logging: level warnings
Monitor logging: level warnings
Buffered logging: level warnings
Syslog logging: level warnings
Facility: local7

Log Buffer (17169 bytes):

Jun 20 09:58:15 2012: %CERTMGR-3-CA_CERT_ACTIONS_FAILURE: Import of CA certifica


te for trustpoint word failed: unknown PWD
Jun 20 09:55:39 2012: %CERTMGR-3-RSA_KEY_ACTIONS_FAILURE: Import of RSA key moto
123 failed: unknown PWD
Jun 20 09:24:32 2012: %AUTHPRIV-4-WARNING: pluto[1478]: inserting event EVENT_RE
INIT_SECRET, timeout in 3600 seconds
Jun 20 08:24:32 2012: %AUTHPRIV-4-WARNING: pluto[1478]: inserting event EVENT_RE
INIT_SECRET, timeout in 3600 seconds
[G]ap7131-4AA708>
Related Commands

no Resets terminal lines logging levels


2 - 30 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.13 exit
User Exec Commands
Ends the current CLI session and closes the session window
For more information, see exit.
Supported in the following platforms:
Access Points AP71XX
Syntax
exit
Parameters
None
Examples
[G]ap7131-4AA708>exit
USER EXEC MODE COMMANDS 2 - 31

2.1.14 mint
User Exec Commands
Uses MiNT protocol to perform a ping and a traceroute to a remote device
Supported in the following platforms:
Access Points AP71XX
Syntax
mint [ping|traceroute]

mint ping <MINT-ID> {(count <1-10000>|size <1-64000>|timeout <1-10>)}

mint traceroute <MINT-ID> {(destination-port <1-65535>|max-hops <1-255>|


source-port <1-65535>|timeout <1-255>)}
Parameters
mint ping <MINT-ID> {(count <1-10000>|size <1-64000>|timeout <1-10>)}

ping <MINT-ID> Sends a MiNT echo message to a MiNT destination


<MINT-ID> Specify the MiNT destination ID to ping.
count <1-10000> Optional. Sets the number of times to ping the MiNT destination
<1-60> Specify a value from 1 - 10000. The default is 3.
size <1-64000> Optional. Sets the MiNT payload size in bytes
<1-64000> Specify a value from 1 - 640000. The default is 64 bytes.
timeout <1-10> Optional. Sets a response time in seconds
<1-10> Specify a value from 1 - 10 seconds. The default is 1 second.

mint traceroute <MINT-ID> {destination-port <1-65535>|max-hops <1-255>|


source-port <1-65535>|timseout <1-255>}

traceroute <MINT-ID> Prints the route packets trace to a device


<MINT-ID> Specify the destination devices MiNT ID.
destination-port Optional. Sets the Equal-cost Multi-path (ECMP) routing destination port
<1-65535> <1-65535> Specify a value from 1 - 65535. The default port is 45.
max-hops <1-255> Optional. Sets the maximum number of hops a traceroute packet traverses in the forward direction
<1-255> Specify a value from 1 - 255. The default is 30.
source-port Optional. Sets the ECMP source port
<1-65535> <1-65535> Specify a value from 1 - 65535. The default port is 45.
timeout <1-255> Optional. Sets the minimum response time period
<1-65535> Specify a value from 1 - 255 seconds. The default is 30 seconds.
2 - 32 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
[G]ap7131-4AA708>mint ping 01.4A.A7.08 count 20 size 128
MiNT ping 01.4A.A7.08 with 128 bytes of data.
Response from 01.4A.A7.08: id=1 time=0.601 ms
Response from 01.4A.A7.08: id=2 time=0.324 ms
Response from 01.4A.A7.08: id=3 time=0.348 ms
Response from 01.4A.A7.08: id=4 time=0.313 ms
Response from 01.4A.A7.08: id=5 time=0.323 ms
Response from 01.4A.A7.08: id=6 time=0.314 ms
Response from 01.4A.A7.08: id=7 time=0.322 ms
Response from 01.4A.A7.08: id=8 time=0.284 ms
Response from 01.4A.A7.08: id=9 time=0.317 ms
Response from 01.4A.A7.08: id=10 time=0.312 ms
Response from 01.4A.A7.08: id=11 time=0.304 ms
Response from 01.4A.A7.08: id=12 time=0.321 ms
Response from 01.4A.A7.08: id=13 time=0.295 ms
Response from 01.4A.A7.08: id=14 time=0.317 ms
Response from 01.4A.A7.08: id=15 time=0.319 ms
Response from 01.4A.A7.08: id=16 time=0.318 ms
Response from 01.4A.A7.08: id=17 time=0.315 ms
Response from 01.4A.A7.08: id=18 time=0.287 ms
Response from 01.4A.A7.08: id=19 time=16.027 ms
Response from 01.4A.A7.08: id=20 time=0.324 ms
--- 01.4A.A7.08 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max = 0.284/1.114/16.027 ms
[G]ap7131-4AA708>
USER EXEC MODE COMMANDS 2 - 33

2.1.15 no
User Exec Commands
Use the no command to revert a command or to set parameters to their default. This command is useful to turn off an enabled
feature or set default values for a parameter.

NOTE: The commands have their own set of parameters that can be reset.

Supported in the following platforms:


Access Points AP71XX
Syntax
no [adoption|captive-portal|crypto|logging|page|service|terminal|wireless]

no adoption {on <DEVICE-OR-DOMAIN-NAME>}

no captive-portal client [captive-portal <CAPTIVE-PORTAL-NAME>|mac <MAC>]


{on <DEVICE-OR-DOMAIN-NAME>}

no crypto pki [server|trustpoint]


no crypto pki [server|trustpoint] <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|
on <DEVICE-NAME>}

no logging monitor

no page
no service [ap300|cli-tables-expand|locator]
no service ap300 locator <MAC>
no service [cli-tables-expand {<LINE>}|locator {on <DEVICE-NAME>}]

no terminal [length|width]

no wireless client [all|<MAC>]


no wireless client all {filter|on}
no wireless client all {filter [wlan <WLAN-NAME>]}
no wireless client all {on <DEVICE-OR-DOMAIN-NAME>} {filter [wlan <WLAN-NAME>]}
no wireless client mac <MAC> {on <DEVICE-OR-DOMAIN-NAME>}
Parameters
no adoption {on <DEVICE-OR-DOMAIN-NAME>}

no adoption Resets the adoption status of a specified device or all devices adopted by a device
{on <DEVICE-OR- <DEVICE-OR-DOMAIN-NAME> Optional. Specify the name of the AP, wireless controller,
DOMAIN-NAME>} or RF Domain.

no captive-portal client [captive-portal <CAPTIVE-PORTAL-NAME>|mac <MAC>]


{on <DEVICE-OR-DOMAIN-NAME>}

no captive-portal client Disconnects captive portal clients from the network


captive-portal Disconnects captive portal clients
<CAPTIVE-PORTAL- <CAPTIVE-PORTAL-NAME> Specify the captive portal name.
NAME>
mac <MAC> Disconnects a client specified by its MAC address
<MAC> Specify the clients MAC address.
2 - 34 WiNG 5.4 FIPS Access Point CLI Reference Guide

on Optional. Disconnects clients on a specified device or RF Domain


<DEVICE-OR-DOMAIN- <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
NAME> RF Domain.

no crypto pki [server|trustpoint] <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

no crypto pki Deletes all PKI authentications


[server|trustpoint] Deletes PKI authentications, such as server certificates and trustpoints
<TRUSTPOINT-NAME> server Deletes server certificates
trustpoint Deletes a trustpoint and its associated certificates
The following keyword is common to the server and trustpoint parameters:
<TURSTPOINT-NAME> Deletes a trustpoint or its server certificate. Specify the
trustpoint name.
del-key Optional. Deletes the private key associated with a server certificate or trustpoint. The
{on <DEVICE-NAME>} operation will fail if the private key is in use by other trustpoints.
on <DEVICE-NAME> Optional. Deletes the private key on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

no logging monitor

no logging monitor Resets terminal lines message logging levels

no page

no page Resets wireless controller paging function to its default. Disabling the page command
displays the CLI command output at once, instead of page by page.

no service ap300 locator <MAC>

no service Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand
and MiNT protocol configurations.
no ap300 locator <MAC> Disables LEDs on AP300s
<MAC> Specify the AP300s MAC address.

no service [cli-tables-expand {<LINE>}|locator {on <DEVICE-NAME>}]

no service Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand
and MiNT protocol configurations.
cli-tables-expand Resets the expand configuration of the CLI table, so that the table does not expand in the
{<LINE>} drop-down format
locator Disables LEDs on a specified device
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Specify the name of the AP or wireless controller.
USER EXEC MODE COMMANDS 2 - 35

no terminal [length|width]

no terminal [length|width] Resets the width of the terminal window or the number of lines displayed within the terminal
window
length Resets the number of lines displayed on the terminal window to its default
width Resets the width of the terminal window to its default

no wireless client all {filter [wlan <WLAN-NAME>]}

no wireless client all Disassociates all clients on a specified device or domain


filter Optional. Specifies additional client selection filter
[wlan <WLAN-NAME>] wlan Filters clients on a specified WLAN
<WLAN-NAME> Specify the WLAN name.

no wireless client all {on <DEVICE-OR-DOMAIN-NAME>} {filter [wlan <WLAN-NAME>]}

no wireless client all Disassociates all wireless clients on a specified device or domain
{on <DEVICE-OR-DOMAIN- on <DEVICE-OR-DOMAIN-NAME> Optional. Specify the name of the AP, wireless
NAME>} controller, or RF Domain.
filter The following are optional filter parameters:
[wlan <WLAN-NAME>] filter Optional. Specifies additional client selection filter
wlan Filters clients on a specified WLAN
<WLAN-NAME> Specify the WLAN name.
no wireless client mac <MAC> {on <DEVICE-OR-DOMAIN-NAME>}

no wireless client Disassociates a single wireless client on a specified device or RF Domain


mac <MAC> mac <MAC> Specify the wireless clients MAC address in the AA-BB-CC-DD-EE-FF format
on <DEVICE-OR-DOMAIN- Optional. Specifies the name of the AP, wireless controller, or RF Domain to which the specified
NAME> client is associated
Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with the
command getting negated.
Examples
[G]ap7131-4AA708>no adoption

[G]ap7131-4AA708>no page
[G]ap7131-4AA708>no service cli-tables-expand line
Related Commands

auto-provisioning- Resets the adoption state of a device and all devices adopted to it
policy
captive portal Manages captive portal clients
crypto Enables digital certificate configuration and RSA Keypair management.
logging Modifies message logging settings
page Resets the wireless controller paging function to its default
2 - 36 WiNG 5.4 FIPS Access Point CLI Reference Guide

service Performs different functions depending on the parameter passed


terminal Sets the length or the number of lines displayed within the terminal window
wireless-client Manages wireless clients
USER EXEC MODE COMMANDS 2 - 37

2.1.16 page
User Exec Commands
Toggles access point paging. Enabling this command displays the CLI command output page by page, instead of running the
entire output at once.
Supported in the following platforms:
Access Points AP71XX
Syntax
page
Parameters
None
Examples
[G]ap7131-4AA708>page
[G]ap7131-4AA708>
Related Commands

no Disables access point paging


2 - 38 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.17 ping
User Exec Commands
Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location
Supported in the following platforms:
Access Points AP71XX
Syntax
ping <IP/HOSTNAME> {count <1-10000>|dont-fragment|size <1-64000>}
Parameters
ping <IP/HOSTNAME> {count <1-10000>|dont-fragment|size <1-64000>}

<IP/HOSTNAME> Specify the destination IP address or hostname to ping. When entered without any parameters, this
command prompts for an IP address or a hostname.
count <1-10000> Optional. Sets the number of times to ping the specified destination
<1-10000> Specify a value from 1 - 10000. The default is 5.
dont-fragment Sets the dont fragment bit. Enabling this feature ensures that data packets are not fragmented
size <1-64000> Optional. Sets the size of ping payload in bytes
<1-64000> Specify the ping payload size from 1 - 64000. The default is 100 bytes.
Examples
[G]ap7131-4AA708>ping 172.16.10.4 count 6
PING 172.16.10.4 (172.16.10.4) 100(128) bytes of data.
108 bytes from 172.16.10.4: icmp_seq=1 ttl=64 time=6.85 ms
108 bytes from 172.16.10.4: icmp_seq=2 ttl=64 time=0.459 ms
108 bytes from 172.16.10.4: icmp_seq=3 ttl=64 time=0.422 ms
108 bytes from 172.16.10.4: icmp_seq=4 ttl=64 time=0.421 ms
108 bytes from 172.16.10.4: icmp_seq=5 ttl=64 time=0.428 ms
108 bytes from 172.16.10.4: icmp_seq=6 ttl=64 time=0.454 ms
--- 172.16.10.4 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5002ms
rtt min/avg/max/mdev = 0.421/1.506/6.857/2.393 ms
[G]ap7131-4AA708>
USER EXEC MODE COMMANDS 2 - 39

2.1.18 ssh
User Exec Commands
Opens a Secure Shell (SSH) connection between two network devices
Supported in the following platforms:
Access Points AP71XX
Syntax
ssh <IP/HOSTNAME> <USER-NAME>
Parameters
ssh <IP/HOSTNAME> <USER-NAME>

[<IP/HOSTNAME>] Specify the IP address or hostname of the remote system.


<USERNAME> Specify the name of the user requesting SSH connection with the remote system.
Examples
[G]ap7131-4AA708>ssh 172.16.10.1 admin
The authenticity of host '172.16.10.1 (172.16.10.1)' can't be established.
RSA key fingerprint is 3a:27:12:00:55:3e:e8:a4:30:fb:fc:bb:46:6c:60:94.
Are you sure you want to continue connecting (yes/no)?
2 - 40 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.19 terminal
User Exec Commands
Sets the length or the number of lines displayed within the terminal window
Supported in the following platforms:
Access Points AP71XX
Syntax
terminal [length|width] <0-512>
Parameters
terminal [length|width] <0-512>

length <0-512> Sets the number of lines displayed on a terminal window


<0-512> Specify a value from 0 - 512.
width <0-512> Sets the width or number of characters displayed on a terminal window
<0-512> Specify a value from 0 - 512.
Examples
[G]ap7131-4AA708>terminal length 150
[G]ap7131-4AA708>terminal width 215

[G]ap7131-4AA708>show terminal
Terminal Type: xterm
Length: 150 Width: 215
[G]ap7131-4AA708>
Related Commands

no Resets the width of the terminal window or the number of lines displayed within the terminal
window
USER EXEC MODE COMMANDS 2 - 41

2.1.20 time-it
User Exec Commands
Verifies the time taken by a particular command between request and response
Supported in the following platforms:
Access Points AP71XX
Syntax
time-it <COMMAND>
Parameters
time-it <COMMAND>

time-it <COMMAND> Verifies the time taken by a particular command to execute and provide a result
<COMMAND> Specify the command.
Examples
[G]ap7131-4AA708>time-it enable
That took 0.00 seconds..
[G]ap7131-4AA708#
2 - 42 WiNG 5.4 FIPS Access Point CLI Reference Guide

2.1.21 traceroute
User Exec Commands
Traces the route to a defined destination
Use --help or -h to display a complete list of parameters for the traceroute command
Syntax
traceroute <LINE>
Parameters
traceroute <LINE>

traceroute <LINE> Traces the route to a destination IP address or hostname


<LINE> Specify a traceroute argument. For example, service traceroute-h.
Examples
[G]ap7131-4AA708>traceroute --help
BusyBox v1.14.4 () multi-call binary

Usage: traceroute [-FIldnrv] [-f 1st_ttl] [-m max_ttl] [-p port#] [-q nqueries]
[-s src_addr] [-t tos] [-w wait] [-g gateway] [-i iface]
[-z pausemsecs] HOST [data size]
Trace the route to HOST

Options:
-F Set the don't fragment bit
-I Use ICMP ECHO instead of UDP datagrams
-l Display the ttl value of the returned packet
-d Set SO_DEBUG options to socket
-n Print hop addresses numerically rather than symbolically
-r Bypass the normal routing tables and send directly to a host
-v Verbose
-m max_ttl Max time-to-live (max number of hops)
-p port# Base UDP port number used in probes
(default is 33434)
-q nqueries Number of probes per 'ttl' (default 3)
-s src_addr IP address to use as the source address
-t tos Type-of-service in probe packets (default 0)
-w wait Time in seconds to wait for a response
(default 3 sec)
-g Loose source route gateway (8 max)

[G]ap7131-4AA708>

[G]ap7131-4AA708>traceroute 172.16.10.1
traceroute to 172.16.10.1 (172.16.10.1), 30 hops max, 38 byte packets
1 172.16.10.1 (172.16.10.1) 0.886 ms 0.462 ms 0.481 ms
[G]ap7131-4AA708>
USER EXEC MODE COMMANDS 2 - 43

2.1.22 watch
User Exec Commands
Repeats the specified CLI command at periodic intervals
Supported in the following platforms:
Access Points AP71XX
Syntax
watch <1-3600> <LINE>
Parameters
watch <1-3600> <LINE>

watch Repeats a CLI command at a specified interval


<1-3600> Select an interval from 1 - 3600 seconds. Pressing CTRL-Z halts execution of the command.
<LINE> Specify the CLI command.
Examples
[G]ap7131-4AA708>watch 45 page

[G]ap7131-4AA708>watch 45 ping 172.16.10.1


PING 172.16.10.1 (172.16.10.1) 100(128) bytes of data.
108 bytes from 172.16.10.1: icmp_seq=1 ttl=64 time=0.536 ms
108 bytes from 172.16.10.1: icmp_seq=2 ttl=64 time=0.342 ms
108 bytes from 172.16.10.1: icmp_seq=3 ttl=64 time=0.340 ms
108 bytes from 172.16.10.1: icmp_seq=4 ttl=64 time=0.336 ms
108 bytes from 172.16.10.1: icmp_seq=5 ttl=64 time=0.325 ms

--- 172.16.10.1 ping statistics ---


5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.325/0.375/0.536/0.083 ms

[G]ap7131-4AA708>
2 - 44 WiNG 5.4 FIPS Access Point CLI Reference Guide
CHAPTER 3
PRIVILEGED EXEC MODE COMMANDS
Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent
unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC
mode also provides access to configuration modes, and includes advanced testing commands.
The PRIV EXEC mode prompt consists of the hostname of the device followed by a pound sign (#).
To access the PRIV EXEC mode, enter the following at the prompt:
[G]ap7131-4AA708>enable
[G]ap7131-4AA708#
The PRIV EXEC mode is often referred to as the enable mode, because the enable command is used to enter the mode.
There is no provision to configure a password to get direct access to PRIV EXEC (enable) mode.
[G]ap7131-4AA708#?
Privileged command commands:
ap-upgrade AP firmware upgrade
boot Boot commands
captive-portal-page-upload Captive portal advanced page upload
change-passwd Change password
clear Clear
clock Configure software system clock
cluster Cluster commands
commit Commit all changes made in this session
configure Enter configuration mode
copy Copy from one file to another
create-cluster Create a cluster
crypto Encryption related commands
debug Debugging functions
disable Turn off privileged mode command
enable Turn on privileged mode command
erase Reset configuration to factory default
fips-license FIPS license management command
halt Halt the system
help Description of the interactive help system
join-cluster Join the cluster
l2tpv3 L2tpv3 protocol
logging Modify message logging facilities
mint MiNT protocol
no Negate a command or set its defaults
page Toggle paging
ping Send ICMP echo messages
re-elect Perform re-election
reload Halt and perform a warm reboot
remote-debug Troubleshoot remote system(s)
revert Revert changes
3-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

self Config context of the device currently logged


into
service Service Commands
show Show running system information
ssh Open an ssh connection
terminal Set terminal line parameters
time-it Check how long a particular command took between
request and completion of response
traceroute Trace route to destination
upgrade Upgrade software image
upgrade-abort Abort an ongoing upgrade
watch Repeat the specific CLI command at a periodic
interval
write Write running configuration to memory or
terminal
zeroize Zeroization of Critical Security Parameters

clrscr Clears the display screen


exit Exit from the CLI

[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3-3

3.1 Privileged Exec Mode Commands


Table 3.1 sum marizes PRIV EXEC Mode commands.
Table 3.1 Privileged Exec Commands

Command Description Reference


ap-upgrade Enables an automatic firmware upgrade on an adopted AP page 3-5
boot Specifies the image used after reboot page 3-11
change-passwd Changes the password of a logged user page 3-12
clear Clears parameters, cache entries, table entries, and other similar entries page 3-13
clock Configures the system clock page 3-17
cluster Initiates a cluster context page 3-18
configure Enters the configuration mode page 3-19
copy Copies a file from any location to the wireless controller page 3-20
create-cluster Creates a new cluster on a specified device page 3-21
crypto Enables encryption page 3-22
disable Disables the privileged mode command set page 3-28
enable Turns on (enables) the privileged mode commands set page 3-29
erase Erases a file system page 3-30
exit Ends the current CLI session and closes the session window page 3-31
fips-license Pushes fips-license from a Controller onto an AP page 3-32
halt Halts a device or a wireless controller page 3-34
join-cluster Adds a wireless controller, as cluster member, to an existing cluster of wireless page 3-35
controllers
l2tpv3 Establishes or brings down Layer 2 Tunneling Protocol Version 3 (L2TPV3) tunnel page 3-36
logging Modifies message logging parameters page 3-38
mint Configures MiNT protocols page 3-39
no Reverts a command or sets values to their default settings page 3-41
page Toggles wireless controller paging page 3-45
ping Sends ICMP echo messages to a user-specified location page 3-46
re-elect Re-elects tunnel wireless controller page 3-47
reload Halts the wireless controller and performs a warm reboot page 3-48
self Displays the configuration context of the device page 3-49
ssh Connects to another device using a secure shell page 3-50
3-4 WiNG 5.4 FIPS Access Point CLI Reference Guide

Table 3.1 Privileged Exec Commands

Command Description Reference


terminal Sets the length/number of lines displayed within the terminal window page 3-51
time-it Verifies the time taken by a particular command between request and response page 3-52
upgrade Upgrades the software image page 3-54
upgrade-abort Aborts an ongoing software image upgrade page 3-55
watch Repeats the specific CLI command at a periodic interval page 3-56
zeroize Conducts a zeroization of critical security parameter page 3-57
clrscr Clears the display screen page 5-3
commit Commits (saves) the changes made in the current session page 5-4
help Displays interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
PRIVILEGED EXEC MODE COMMANDS 3-5

3.1.1 ap-upgrade
Privileged Exec Mode Commands
Enables automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once
APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to a wireless controller.
The AP upgrade command also upgrades APs in a specified RF Domain.
Supported in the following platforms:
Access Points AP71XX
Syntax
ap-upgrade [<MAC/HOSTNAME>|all|ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx|
cancel-upgrade|load-image|rf-domain]

ap-upgrade [<MAC/HOSTNAME>] {no-reboot|reboot-time <TIME>|


upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}

ap-upgrade all {no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|


reboot-time <TIME>}} {(staggered-reboot)}
ap-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all
{no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}]

ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all|ap621|ap622|ap650|ap6511|ap6521|ap6522|


ap6532|ap71xx|on]
ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all]
ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all
ap-upgrade cancel-upgrade on rf-domain [<RF-DOMAIN-NAME>|all]

ap-upgrade load-image [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx]


<IMAGE-URL>

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|ap6521|


ap6522|ap6532|ap71xx] {no-reboot|no-via-rf-domain|reboot-time <TIME>|
staggered-reboot|upgrade-time <TIME>}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|ap6522|


ap6521|ap6532|ap71xx] {no-reboot {staggered-reboot}|
reboot-time <TIME> {staggered-reboot}}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6532|ap71xx] {no-via-rf-domain {no-reboot|reboot-time <TIME>|
upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}} {(staggered-reboot)}

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|ap6521|


ap6522|ap6532|ap71xx] {upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}
Parameters
ap-upgrade <MAC/HOSTNAME> {no-reboot|reboot-time <TIME>|upgrade-time <TIME>
{no-reboot|reboot-time <TIME>}}

<MAC/HOSTNAME> Upgrades firmware on a specified AP or all APs adopted by the wireless controller
<MAC/HOSTNAME> Specify the APs MAC address or hostname.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
3-6 WiNG 5.4 FIPS Access Point CLI Reference Guide

upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade


{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade.
Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

ap-upgrade all {no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|


reboot-time <TIME>}} {(staggered-reboot)}

all Upgrades firmware on all APs adopted by the wireless controller


no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade on all adopted APs
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade.
Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx] all


{no-reboot|reboot-time <TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}

[ap621|ap622| Upgrades firmware on all adopted APs


ap650|ap6511| AP621 all Upgrades firmware on all AP621s
ap6521|ap6522|
AP622 all Upgrades firmware on all AP622s
ap6532|ap71xx] all
AP650 all Upgrades firmware on all AP650s
AP6511 all Upgrades firmware on all AP6511s
AP6521 all Upgrades firmware on all AP6521s
AP6522 all Upgrades firmware on all AP6522s
AP6532 all Upgrades firmware on all AP6532s
AP71XX all Upgrades firmware on all AP71XXs
After selecting the AP type, you can schedule an automatic upgrade and/or an automatic reboot.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade
<TIME> Optional. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
PRIVILEGED EXEC MODE COMMANDS 3-7

upgrade-time <TIME> Optional. Schedules firmware upgrade on an AP adopted by the wireless controller
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade.
Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade cancel-upgrade [<MAC/HOSTNAME>|all]

cancel-upgrade Cancels scheduled firmware upgrade on a specified AP or all APs adopted by the wireless
[<MAC/HOSTNAME>| controller
all] <MAC/HOSTNAME> Cancels scheduled upgrade on a specified AP. Specify the APs MAC
address or hostname.
all Cancels scheduled upgrade on all APs

ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap651|ap6521|ap6522|ap6532|ap71xx] all

cancel-upgrade Cancels scheduled firmware upgrade on all adopted APs


[ap621|ap622|ap650| AP621 all Cancels scheduled upgrade on all AP621s
ap6511|ap6521|
AP622 all Cancels scheduled upgrade on all AP622s
ap6522|ap6532|
ap71xx] all AP650 all Cancels scheduled upgrade on all AP650s
AP6511 all Cancels scheduled upgrade on all AP6511s
AP6521 all Cancels scheduled upgrade on all AP6521s
AP6522 all Cancels scheduled upgrade on all AP6522s
AP6532 all Cancels scheduled upgrade on all AP6532s
AP71XX all Cancels scheduled upgrade on all AP71XXs

ap-upgrade cancel-upgrade on rf-domain [<DOMAIN-NAME>|all]

cancel-upgrade on Cancels scheduled firmware upgrade on a specified RF Domain or all RF Domains


rf-domain <RF-DOMAIN-NAME> Cancels scheduled upgrade on a specified RF Domain. Specify the
[<RF-DOMAIN-NAME>| RF Domain name.
all]
all Cancels scheduled upgrades on all RF Domains
3-8 WiNG 5.4 FIPS Access Point CLI Reference Guide

ap-upgrade load-image [ap621|ap622|ap650|ap6511|ap6521|ap6522|ap6532|ap71xx]


<IMAGE-URL>

load-image Loads AP firmware images on the wireless controller. Select the AP type and provide the location
[ap621|ap622|ap650| of the AP firmware image.
ap6511|ap6521|ap6522| AP621 <IMAGE-URL> Loads AP621 firmware image
ap6532|ap71xx]
AP622 <IMAGE-URL> Loads AP622 firmware image
AP650 <IMAGE-URL> Loads AP650 firmware image
AP6511 <IMAGE-URL> Loads AP6511 firmware image
AP6521 <IMAGE-URL> Loads AP6521 firmware image
AP6522 <IMAGE-URL> Loads AP6522 firmware image
AP6532 <IMAGE-URL> Loads AP6532 firmware image
AP71XX <IMAGE-URL> Loads AP71XX firmware image
<IMAGE-URL> Specify the AP firmware image location in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|ap6521|


ap6522|ap6532|ap71xx] {no-reboot {staggered-reboot}|reboot-time <TIME>
{staggered-reboot}}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
[all|ap621|ap622| After specifying the RF Domain, select the AP type.
ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit
PRIVILEGED EXEC MODE COMMANDS 3-9

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {no-via-rf-domain {no-reboot|reboot-time <TIME>|
upgrade-time <TIME> {no-reboot|reboot-time <TIME>}} {(staggered-reboot)}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
[all|ap621|ap622| After specifying the RF Domain, select the AP type.
ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
no-via-rf-domain Upgrades APs from the adopted device
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
upgrade-time <TIME> Optional. Schedules an automatic firmware upgrade
{no-reboot| <TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a
reboot-time <TIME>} scheduled upgrade, these actions can be performed.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade.
Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit

ap-upgrade rf-domain [<RF-DOMAIN-NAME>|all] [all|ap621|ap622|ap650|ap6511|


ap6521|ap6522|ap6532|ap71xx] {upgrade-time <TIME> {no-reboot|reboot-time <TIME>}}
{(staggered-reboot)}

rf-domain Upgrades AP firmware on devices in a specified RF Domain or all RF Domains


[<RF-DOMAIN-NAME>| <RF-DOMAIN-NAME> Upgrades firmware in a specified RF Domain. Specify the RF Domain
all] name.
all Upgrades firmware on all RF Domains
3 - 10 WiNG 5.4 FIPS Access Point CLI Reference Guide

[all|ap621|ap622| After specifying the RF Domain, select the AP type.


ap650|ap6511| all Upgrades firmware on all APs
ap6521|ap6522|
AP621 Upgrades firmware on all AP621s
ap6532|ap71xx]
AP622 Upgrades firmware on all AP622s
AP650 Upgrades firmware on all AP650s
AP6511 Upgrades firmware on all AP6511s
AP6521 Upgrades firmware on all AP6521s
AP6522 Upgrades firmware on all AP6522s
AP6532 Upgrades firmware on all AP6532s
AP71XX Upgrades firmware on all AP71XXs
upgrade <TIME> Schedules AP firmware upgrade
<TIME> Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless controller must be
{staggered-reboot} manually restarted)
no-reboot Optional. Disables automatic reboot after a successful upgrade (the wireless
controller must be manually restarted)
reboot-time <TIME> Optional. Schedules an automatic reboot, after a successful upgrade. Specify the reboot time in
{staggered-reboot} the MM/DD/YYYY-HH:MM or HH:MM format.
staggered-reboot The staggered-reboot keyword is common to all of the above.
Optional. Enables staggered reboot (one at a time), without network being hit
Examples
[G]ap7131-139B34#ap-upgrade all no-reboot staggered-reboot
[G]ap7131-139B34#
PRIVILEGED EXEC MODE COMMANDS 3 - 11

3.1.2 boot
Privileged Exec Mode Commands
Specifies the image used after reboot
Supported in the following platforms:
Access Points AP71XX
Syntax
boot system [primary|secondary] {on <DEVICE-NAME>}
Parameters
boot system [primary|secondary] {on <DEVICE-NAME>}

system Specifies the image used after a device reboot


[primary|secondary] primary Uses a primary image after reboot
secondary Uses a secondary image after reboot
on <DEVICE-NAME> Optional. Specifies the primary or secondary image location on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#boot system secondary
Updated system boot partition
[G]ap7131-4AA708#
3 - 12 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.3 change-passwd
Privileged Exec Mode Commands
Changes the password of a logged user. When this command is executed without any parameters, the password can be
changed interactively.
Supported in the following platforms:
Access Points AP71XX
Syntax
change-passwd {<OLD-PASSWORD>} <NEW-PASSWORD>
Parameters
change-passwd {<OLD-PASSWORD>} <NEW-PASSWORD>

<OLD-PASSWORD> Optional. Specify the password that needs to be changed.


<NEW-PASSWORD> Specify the new password.
Note: The password can also be changed interactively. To do so, press [Enter] after the
command.
Usage Guidelines
A password must be from 8 - 64 characters.
Examples
[G]ap7131-4AA708#change-passwd
Enter old password:
Enter new password:
Password for user 'admin' changed successfully
Please write this password change to memory(write memory) to be persistent.
[G]ap7131-4AA708#write memory
OK
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 13

3.1.4 clear
Privileged Exec Mode Commands
Clears parameters, cache entries, table entries, and other entries. The clear command is available for specific commands only.
The information cleared using this command varies depending on the mode where the clear command is executed.
Supported in the following platforms:
Access Points AP71XX
Syntax
clear [arp-cache|cdp|counters|crypto|event-history|firewall|ip|lldp|logging|rtls|
spanning-tree|vrrp]

clear arp-cache {on <DEVICE-NAME>}

clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

clear counters [all|bridge|interface|router|thread]


clear counters interface [<INTERFACE>|all|ge <1-2>|pppoe1|vlan <1-4094>|wwan1]

clear crypto [ike|ipsec]


clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}
clear crypto ipsec sa {on <DEVICE-NAME>}

clear event-history

clear firewall [dhcp snoop-table|dos stats|flows] {on <DEVICE-NAME>}

clear ip [dhcp|ospf]
clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}
clear ip ospf process {on <DEVICE-NAME>}

clear logging {on <DEVICE-NAME>}

clear rtls [aeroscout|ekahau]


clear rtls [aeroscout|ekahau] {<DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|
on <DEVICE-OR-DOMAIN-NAME>}

clear spanning-tree detected-protocols {interface|on <DEVICE-NAME>}


clear spanning-tree detected-protocols {interface [<INTERFACE>|ge <1-2>pppoe1|
vlan <1-4094>|wwan1]} {on <DEVICE-NAME>}
clear vrrp [error-stats|stats] {on <DEVICE-NAME>}
Parameters
clear arp-cache {on <DEVICE-NAME>}

arp-cache Clears Address Resolution Protocol (ARP) cache entries on an AP or wireless controller
on <DEVICE-NAME> Optional. Clears ARP cache entries on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

cdp Clears Cisco Discovery Protocol (CDP) table entries


ldp Clears Link Layer Discovery Protocol (LLDP) neighbor table entries
neighbors Clears CDP or LLDP neighbor table entries based on the option selected in the preceding step
on <DEVICE-NAME> Optional. Clears CDP or LLDP neighbor table entries on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
3 - 14 WiNG 5.4 FIPS Access Point CLI Reference Guide

clear counters [all|bridge|router|thread]

counters Clears counters on a system


[all|bridge|router| all Clears all counters irrespective of the interface type
thread]
bridge Clears bridge counters
router Clears router counters
thread Clears per-thread counters

clear counters interface [<INTERFACE>|all|ge <1-2>|pppoe1|vlan <1-4094>|wwan1]

counters interface Clears interface counters for a specified interface


[<INTERFACE>|all| <INTERFACE> Clears a specified interface counters. Specify the interface name.
ge <1-4>|me1|
all Clears all interface counters
port-channel <1-2>|
pppoe1|vlan <1-4094>| ge <1-2> Clears GigabitEthernet interface counters. Specify the GigabitEthernet interface
wwan1] index from 1 -2
pppoe1 Clears Point-to-Point Protocol over Ethernet (PPPoE) interface counters
vlan <1-4094> Clears interface counters. Specify the Switch Virtual Interface (SVI) VLAN
ID from 1 - 4094.
wwan1 Clears wireless WAN interface counters

clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}

crypto Clears encryption module database


ike sa [<IP>|all] Clears Internet Key Exchange (IKE) security associations (SAs)
<IP> Clears IKE SAs for a certain peer
all Clears IKE SAs for all peers
on <DEVICE-NAME> Optional. Clears IKE SA entries, for a specified peer or all peers, on a specified AP or wireless
controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear crypto ipsec sa {on <DEVICE-NAME>}

crypto Clears encryption module database


ipsec sa Clears Internet Protocol Security (IPSec) database SAs
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears IPSec SA entries on a specified AP or wireless
controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear event-history

event-history Clears event history cache entries

clear firewall [dhcp snoop-table|dos stats|flows] {on <DEVICE-NAME>}

firewall Clears firewall event entries


DHCP snoop-table Clears DHCP snoop table entries
dos stats Clears denial of service statistics
PRIVILEGED EXEC MODE COMMANDS 3 - 15

flows Clears established firewall sessions


on <DEVICE-NAME> The following keywords are common to the DHCP, DOS, and flows parameters:
on <DEVICE-NAME> Optional. Clears DHCP snoop table entries, denial of service statistics,
or the established firewall sessions on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}

ip Clears a Dynamic Host Configuration Protocol (DHCP) servers IP address bindings entries
dhcp bindings Clears DHCP servers connections and address binding entries
<IP> Clears specific address binding entries. Specify the IP address to clear binding entries.
all Clears all address binding entries
on <DEVICE-NAME> Optional. Clears a specified address bindings or all address bindings on a specified AP or
wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller

clear ip ospf process {on <DEVICE-NAME>}

ip ospf process Clears already enabled open shortest path first (OSPF) process and restarts the process
on <DEVICE-NAME> Optional. Clears OSPF process on a specified AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller

clear rtls [aeroscout|ekahau] {<DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|


on <DEVICE-OR-DOMAIN-NAME>}

rtls Clears Real Time Location Service (RTLS) statistics


aeroscout Clears RTLS Aeroscout statistics
ekahau Clears RTLS Ekahau statistics
<DEVICE-NAME> This keyword is common to the aeroscout and ekahau parameters.
<DEVICE-NAME> Optional. Clears Aeroscout or Ekahau RTLS statistics on a specified AP,
wireless controller
<DEVICE-OR-DOMAIN- This keyword is common to all of the above.
NAME> <DEVICE-OR-DOMAIN-NAME> Optional. Clears Aeroscout or Ekahau RTLS statistics on a
specified AP, wireless controller, or RF Domain
clear spanning-tree detected-protocols {on <DEVICE-NAME>}

spanning-tree Clears spanning tree protocols on an interface, and also restarts protocol migration
detected-protocols Restarts protocol migration
on <DEVICE-NAME> Optional. Clears spanning tree protocols on a specified device
<DEVICE-NAME> Optional. Specify the name of the AP or wireless controller.
3 - 16 WiNG 5.4 FIPS Access Point CLI Reference Guide

clear spanning-tree detected-protocols {interface [<INTERFACE>|ge <1-2>|pppoe1|vlan


<1-4094>|wwan1]} {on <DEVICE-NAME>}

spanning-tree Clears spanning tree protocols on an interface and restarts protocol migration
detected-protocols Restarts protocol migration
interface Optional. Clears spanning tree protocols on different interfaces
[<INTERFACE>| <INTERFACE> Clears detected spanning tree protocol on a specified interface. Specify the
ge <1-2>|pppoe1|vlan <1- interface name.
4094>|
ge <1-2> Clears detected spanning tree protocol for the selected GigabitEthernet
wwan1]
interface. Select the GigabitEthernet interface index from 1 - 2.
pppoe1 Clears detected spanning tree protocol for Point-to-Point Protocol over Ethernet
(PPPoE) interface.
vlan <1-4094> Clears detected spanning tree protocol for the selected VLAN interface.
Select a SVI VLAN ID from 1- 4094.
wwan1 Clears detected spanning tree protocol for wireless WAN interface.
on <DEVICE-NAME> Optional. Clears spanning tree protocol entries on a selected AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
clear vrrp [error-stats|stats] {on <DEVICE-NAME>}

vrrp Clears Virtual Router Redundancy Protocol (VRRP) statistics for a device
error-stats Clears global error statistics
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears VRRP global error statistics on a selected AP or
wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
stats Clears VRRP related statistics
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Clears VRRP related statistics on a selected AP or wireless
controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708>clear crypto isakmp sa 111.222.333.01 on ap7131-139B34
[G]ap7131-4AA708>

[G]ap7131-4AA708>clear event-history
[G]ap7131-4AA708>

[G]ap7131-4AA708>clear spanning-tree detected-protocols interface port-channel 1


[G]ap7131-4AA708>

[G]ap7131-4AA708>clear ip dhcp bindings 172.16.10.9 on ap7131-139B34


[G]ap7131-4AA708>

[G]ap7131-4AA708#clear cdp neighbors on ap7131-139B34


[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 17

3.1.5 clock
Privileged Exec Mode Commands
Sets a devices system clock
Supported in the following platforms:
Access Points AP71XX
Syntax
clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}
Parameters
clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}

clock set Sets a devices system clock


<HH:MM:SS> Sets the current time (in military format hours, minutes and seconds)
<1-31> Sets the numerical day of the month
<MONTH> Sets the month of the year (Jan to Dec)
<1993-2035> Sets a valid four digit year from 1993 - 2035
on <DEVICE-NAME> Optional. Sets the clock on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#clock set 16:01:45 20 Mar 2012 on ap7131-139B34
[G]ap7131-4AA708#

[G]ap7131-4AA708#show clock
2012-03-20 16:01:53 UTC
[G]ap7131-4AA708#
3 - 18 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.6 cluster
Privileged Exec Mode Commands
Initiates the cluster context. The cluster context provides centralized management to configure all cluster members from any
one member.
Commands executed under this context are executed on all members of the cluster.
Supported in the following platforms:
Access Points AP71XX
Syntax
cluster start-election
Parameters
cluster start-election

start-election Starts a new cluster master election


Examples
[G]ap7131-4AA708#cluster start-election
[G]ap7131-4AA708#
Related Commands

create-cluster Creates a new cluster on a specified device


join-cluster Adds a wireless controller, as cluster member, to an existing cluster of devices
PRIVILEGED EXEC MODE COMMANDS 3 - 19

3.1.7 configure
Privileged Exec Mode Commands
Enters the configuration mode. Use this command to enter the current devices configuration mode, or enable configuration
from the terminal.
Supported in the following platforms:
Access Points AP71XX
Syntax
configure {self|terminal}
Parameters
configure {self|terminal}

self Optional. Enables the current devices configuration mode


terminal Optional. Enables configuration from the terminal
Examples
[G]ap7131-139B34#configure self
Enter configuration commands, one per line. End with CNTL/Z.
[G]ap7131-139B34(config-device-00-23-68-13-9B-34)#
3 - 20 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.8 copy
Privileged Exec Mode Commands
Copies a file (config,log,txt...etc) from any location to the wireless controller and vice-versa
NOTE: Copying a new config file onto an existing running-config file merges it with the existing
running-config on the wireless controller. Both the existing running-config and the new config file are
applied as the current running-config.
Copying a new config file onto a start-up config files replaces the existing start-up config file with the
parameters of the new file. It is better to erase the existing start-up config file and then copy the new
config file to the startup config.
Supported in the following platforms:
Access Points AP71XX
Syntax
copy [<SOURCE-FILE>|<SOURCE-URL>] [<DESTINATION-FILE>|<DESTINATION-URL>]
Parameters
copy [<SOURCE-FILE>|<SOURCE-URL>] [<DESTINATION-FILE>|<DESTINATION-URL>]

<SOURCE-FILE> Specify the source file to copy


<SOURCE-URL> Specify the source file URL
<DESTINATION-FILE> Specify the destination file to copy to
<DESTINATION-URL> Specify the destination file URL
Examples

[G]ap7131-4AA708#copy running-config sftp://root:symbol@172.16.10.10/AP7131.img


[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 21

3.1.9 create-cluster
Privileged Exec Mode Commands
Creates a new cluster on a specified device
Supported in the following platforms:
Access Points AP71XX
Syntax
create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}
Parameters
create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}

create-cluster Creates a cluster


name Configures the cluster name
<CLUSTER-NAME> <CLUSTER-NAME> Specify a cluster name
ip <IP> Specifies the devices IP address used for cluster creation
<IP> Specify the devices IP address in A.B.C.D format
level [1|2] Optional. Configures the routing level for this cluster
1 Configures level 1 (local) routing
2 Configures level 2 (inter-site) routing
Examples
[G]ap7131-4AA708>create-cluster name Cluster1 ip 172.16.10.1 level 1

[G]ap7131-4AA708>
Related Commands

cluster Initiates the cluster context. The cluster context provides centralized management to configure
all cluster members from any one member.
join-cluster Adds a wireless controller, as cluster member, to an existing cluster of devices
3 - 22 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.10 crypto
Privileged Exec Mode Commands
Enables digital certificate configuration and RSA Keypair management. Digital certificates are issued by Certificate Authorities
(CAs) and contain user or device specific information, such as name, public key, IP address, serial number, company name etc.
Use this command to generate, delete, export, or import encrypted RSA Keypairs and generate Certificate Signing Request
(CSR).
This command also enables trustpoint configuration. Trustpoints contain the CAs identity and configuration parameters.
Supported in the following platforms:
Access Points AP71XX
Syntax
crypto [key|pki]

crypto key [generate|zeroize]

crypto key generate rsa <RSA-KEYPAIR-NAME> <1024-2048> {on <DEVICE-NAME>}

crypto key zeroize rsa <RSA-KEYPAIR-NAME> {force {on <DEVICE-NAME>}|on <DEVICE-


NAME>}

crypto pki [authenticate|export|generate|import|zeroize]


crypto pki authenticate <TRUSTPOINT-NAME> <LOCATION-URL>
{background {on <DEVICE-NAME>}|on <DEVICE-NAME>}
crypto pki export request]
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
[autogen-subject-name|subject-name]
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name [<EXPORT-TO-URL>, email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>]
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name <EXPORT-TO-URL> {background {on <DEVICE-NAME>}|
on <DEVICE-NAME>}
crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY> <ORGANIZATION>
<ORGANIZATION-UNIT> [<EXPORT-TO-URL>, email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>]

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]


<RSA-KEYPAIR-NAME> [autogen-subject-name|subject-name]
crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> autogen-subject-name {email <SEND-TO-EMAIL>, fqdn <FQDN>,
ip-address <IP>, on <DEVICE-NAME>}
crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<WORD> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY> <ORGANIZATION>
<ORGANIZATION-UNIT> {email <SEND-TO-EMAIL>, fqdn <FQDN>, ip-address <IP>,
on <DEVICE-NAME>}

crypto pki import [certificate|crl]


crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>
{background {on <DEVICE-NAME>}|on <DEVICE-NAME>}
crypto pki zeroize trustpoint <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|
on <DEVICE-NAME>}
PRIVILEGED EXEC MODE COMMANDS 3 - 23

Parameters
crypto key generate rsa <RSA-KEYPAIR-NAME> <1024-2048> {on <DEVICE-NAME>}

key Enables RSA Keypair management. Use this command to export, import, generate, or delete a
RSA key.
generate rsa Generates a new RSA Keypair
<RSA-KEYPAIR-NAME> <RSA-KEYPAIR-NAME> Specify the RSA Keypair name.
<1024-2048> <1024-2048> Sets the size of the RSA key in bits from 1024 - 2048. The default size is
1024.
on <DEVICE-NAME> Optional. Generates the new RSA Keypair on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto key zeroize <RSA-KEYPAIR-NAME> {force {on <DEVICE-NAME>}|on <DEVICE-NAME>}

key Enables RSA Keypair management. Use this command to export, import, generate, or delete a
RSA key.
zeroize rsa Deletes a specified RSA Keypair
<RSA-KEYPAIR-NAME> <RSA-KEYPAIR-NAME> Specify the RSA Keypair name.
Note: All device certificates associated with this key will also be deleted.
force Optional. Forces deletion of all certificates associated with the specified RSA Keypair.
{on <DEVICE-NAME>} Optionally specify a device (AP/wireless controller) on which to force certificate deletion.
on <DEVICE-NAME> Optional. Deletes all certificates associated with the RSA Keypair on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki authenticate <TRUSTPOINT-NAME> <URL> {background {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

pki Enables Private Key Infrastructure (PKI) management. Use this command to authenticate, export,
generate, or delete a trustpoint and its associated CA certificates.
authenticate Authenticates a trustpoint and imports the corresponding CA certificate
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify the trustpoint name.
<URL> Specify the CAs location in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
Note: The CA certificate is imported from the specified location.
background Optional. Performs authentication in the background. Optionally specify a device (AP/wireless
{on <DEVICE-NAME>} controller) on which to perform authentication.
on <DEVICE-NAME> Optional. Performs authentication on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>


autogen-subject-name [<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address <IP>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
3 - 24 WiNG 5.4 FIPS Access Point CLI Reference Guide

export request Exports a CSR to the CA for digital identity certificate. The CSR contains applicants details and
RSA Keypairs public key.
[generate-rsa-key| Generates a new RSA Keypair or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If an
existing RSA Keypair, specify its name.
autogen-subject-name Auto generates the subject name from configuration parameters. The subject name helps to
identify the certificate.
<EXPORT-TO-URL> Specify the CAs location, in the following format:
{background sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
{on <DEVICE-NAME}|
Note: The CSR is exported to the specified location.
on <DEVICE-NAME>}
background Optional. Performs export operation in the background
on <DEVICE-NAME> Optional. Performs export operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the CAs e-mail address.
fqdn <FQDN> Exports CSR to a specified Fully Qualified Domain Name (FQDN)
<FQDN> Specify the CAs FQDN.
ip address <IP> Exports CSR to a specified device or system
<IP> Specify the CAs IP address.

crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>


subject-name <COUNTRY> <STATE> <CITY> <ORGANIZATION> <ORGANIZATION-UNIT>
[<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address <IP>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
export request Exports CSR to the CA for a digital identity certificate.The CSR contains the applicants details
and the RSA Keypairs public key.
[generate-rsa-key| Generates a new RSA Keypair or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If
using an existing RSA Keypair, specify its name.
subject-name Specifies subject name to identify the certificate
<COMMON-NAME> <COMMON-NAME> Sets the common name used with the CA certificate. The name should
enable you to identify the certificate easily (2 to 64 characters).
<COUNTRY> Sets the deployment country name (2 character ISO code)
<STATE> Sets the state name (2 to 64 characters)
<CITY> Sets the city name (2 to 64 characters)
PRIVILEGED EXEC MODE COMMANDS 3 - 25

<ORGANIZATION> Sets the organization name (2 to 64 characters)


<ORGANIZATION-UNIT> Sets the organization unit (2 to 64 characters)
<EXPORT-TO-URL> Specify the CAs location, in the following format:
{background sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
{on <DEVICE-NAME}|
background Optional. Performs export operation in the background
on <DEVICE-NAME>}
on <DEVICE-NAME> Optional. Performs export operation on a specific device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the CAs e-mail address.
fqdn <FQDN> Exports CSR to a specified FQDN
<FQDN> Specify the CAs FQDN.
ip address <IP> Exports CSR to a specified device or system
<IP> Specify the CAs IP address.

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]


<RSA-KEYPAIR-NAME> autogen-subject-name [email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address
<IP>,on <DEVICE-NAME>]

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
generate Generates a CA certificate and a trustpoint
self-signed Generates a self-signed CA certificate and a trustpoint
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify a name for the certificate and its trustpoint.
[generate-rsa-key| Generates a new RSA Keypair, or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If using
an existing RSA Keypair, specify its name.
autogen-subject-name Auto generates the subject name from the configuration parameters. The subject name helps to
identify the certificate
email Exports CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the e-mail address of the CA.
fqdn <FQDN> Exports CSR to a specified FQDN
<FQDN> Specify the FQDN of the CA.
ip-address <IP> Exports CSR to a specified device or system
<IP> Specify the IP address of the CA.
on <DEVICE-NAME> Exports the CSR on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
3 - 26 WiNG 5.4 FIPS Access Point CLI Reference Guide

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]


<RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY> <ORGANIZATION>
<ORGANIZATION-UNIT> {email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address <IP>,on <DEVICE-NAME>}

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
generate Generates a CA certificate and a trustpoint
self-signed Generates a self-signed CA certificate and a trustpoint
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify a name for the certificate and its trustpoint.
[generate-rsa-key| Generates a new RSA Keypair, or uses an existing RSA Keypair
use-rsa-key] generate-rsa-key Generates a new RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME>
use-rsa-key Uses an existing RSA Keypair for digital authentication
<RSA-KEYPAIR-NAME> If generating a new RSA Keypair, specify a name for it. If using
an existing RSA Keypair, specify its name.
subject-name Specify a subject name to identify the certificate.
<COMMON-NAME> <COMMON-NAME> Specify the common name used with the CA certificate. The name
should enable you to identify the certificate easily.
<COUNTRY> Sets the deployment country name (2 character ISO code)
<STATE> Sets the state name (2 to 64 characters)
<CITY> Sets the city name (2 to 64 characters)
<ORGANIZATION> Sets the organization name (2 to 64 characters)
<ORGANIZATION-UNIT> Sets the organization unit (2 to 64 characters)
email Optional. Exports the CSR to a specified e-mail address
<SEND-TO-EMAIL> <SEND-TO-EMAIL> Specify the e-mail address of the CA.
fqdn <FQDN> Optional. Exports the CSR to the CA by providing the FQDN of the CA
<FQDN> Specify the FQDN of the CA.
ip address <IP> Optional. Exports the CSR to a specified device or system
<IP> Specify the IP address of the CA
crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>
{background {on <DEVICE-NAME>}|on <DEVICE--NAME>}

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
import Imports certificates, CRL, or a trustpoint to the selected device
[certificate|crl] Imports a signed server certificate or CRL
<TRUSTPOINT-NAME> certificate Imports signed server certificate
crl Imports CRL
<TRUSTPOINT-NAME> Specify the trustpoint name (should be authenticated).
<IMPORT-FROM-URL> Specify the signed server certificate or CRL source address in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
PRIVILEGED EXEC MODE COMMANDS 3 - 27

background Optional. Performs import operation in the background


{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Performs import operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
on <DEVICE-NAME> Optional. Performs import operation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

crypto pki zeroize trustpoint <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

pki Enables PKI management. Use this command to authenticate, export, generate, or delete a
trustpoint and its associated CA certificates.
zeroize Deletes a trustpoint and its associated CA certificate, server certificate, and private key
<TRUSTPOINT-NAME> <TRUSTPOINT-NAME> Specify the trustpoint name (should be authenticated).
del-key Optional. Deletes the private key associated with the server certificate
{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Deletes private key on a specific device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
on <DEVICE-NAME> Optional. Deletes the trustpoint on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#crypto key generate rsa key 1025
RSA Keypair successfully generated
[G]ap7131-4AA708#

[G]ap7131-4AA708#crypto pki generate self-signed word generate-rsa-key word autogen-


subject-name fqdn word
Successfully generated self-signed certificate
[G]ap7131-4AA708#
[G]ap7131-4AA708#crypto pki zeroize trustpoint word del-key on ap7131-139B34
Successfully removed the trustpoint and associated certificates
%Warning: Applications associated with the trustpoint will start using default-trustpoint
[G]ap7131-4AA708#

[G]ap7131-4AA708#crypto pki authenticate word url background on ap7131-139B34


Import of CA certificate started in background
[G]ap7131-4AA708#

[G]ap7131-4AA708#crypto pki import trustpoint word url passphrase word on ap7131-139B34


Import operaton started in background
[G]ap7131-4AA708#
Related Commands

no Resets or disables the crypto commands


3 - 28 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.11 disable
Privileged Exec Mode Commands
Turns off (disables) the privileged mode command set. This command returns to the User Executable mode.
Supported in the following platforms:
Access Points AP71XX
Syntax
disable
Parameters
None
Examples
[G]ap7131-4AA708#disable
[G]ap7131-4AA708>
PRIVILEGED EXEC MODE COMMANDS 3 - 29

3.1.12 enable
Privileged Exec Mode Commands
Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
Supported in the following platforms:
Access Points AP71XX
Syntax
enable
Parameters
None
Examples
[G]ap7131-4AA708#enable
[G]ap7131-4AA708#
3 - 30 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.13 erase
Privileged Exec Mode Commands
Erases a devices file system. Erases the content of the specified storage device. Also erases the startup configuration to
restore the device to its default.
Supported in the following platforms:
Access Points AP71XX
Syntax
erase [startup-config]
Parameters
erase [startup-config]

startup-config Erases the wireless controllers startup configuration file. The startup configuration file is used to
configure the device when it reboots.
Examples
[G]ap7131-4AA708#erase startup-config
Erase startup-config? (y/n): n
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 31

3.1.14 exit
Privileged Exec Mode Commands
Ends the current CLI session and closes the session window
For more information, see exit.
Supported in the following platforms:
Access Points AP71XX
Syntax
exit
Parameters
None
Examples
[G]ap7131-4AA708#exit
3 - 32 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.15 fips-license
Privileged Exec Mode Commands
Pushes FIPS-license from Controller onto an adopted AP. FIPS licenses can only be managed from a FIPS controller. Key
zeroization will not zeroize FIPS license.
FIPS AP licenses for AP can also be generated (using the proprietary licgen tool) following mandatory parameters:
AP serial number (10 digit serial is also accepted)
Feature type: FIPS-AP7161, FIPS-AP7131, FIPS-AP7181
Product type: RF7000 (or any available option)
Number of licenses: 1 or >1. (if >1, then it can be installed on a Virtual Controller and admin can push licenses to its adopted
APs) if this AP gets adopted to any Controller, as part of config push from Controller, licenses will be removed from AP. To
avoid this situation, admin should install license via device profile on a Controller.

NOTE: FIPS AP licenses are specific to AP type but installation is not limited to AP type.
AP7181 license can be installed either on AP7131 or AP7161 or vice versa but cannot be
used without adopting AP7131 or AP7161 as a Virtual Controller.

Supported in the following platforms:


Access Points AP71XX
Syntax
fips-license [ap7131|ap7161|ap7181]on <WORD>
Parameters
fips-license [ap7131|ap7161|ap7181] on <WORD>

fips-license Pushes FIPS-license from controller onto an adopted AP. Select the AP type.
[ap7131|ap7161|ap7181] ap7131 Specifies the device type as AP7131
on <WORD>
ap7161 Specifies the device type as AP7161
ap7181 Specifies the device type as AP7181
on Specify the device to apply the fips-license.
<WORD> Specify the index list of the APs. For e.g. 10-20,25,30-35, specify these
indices from 'show wireless ap configured' CLI command

NOTE: This command can be executed in User Executable mode also.


Examples
[G]ap7131-139B34#fips-license ap7131 on 1
[[G]ap7131-139B34#

[G]ap7131-139B34#show wireless ap configured


---------------------------------------------------------------------------------------
IDX NAME MAC PROFILE RF-DOMAIN ADOPTED-BY FIPS-LICENSE
---------------------------------------------------------------------------------------
1 ap7131-139B34 00-23-68-13-9B-34 default-ap71xx default un-adopted False
---------------------------------------------------------------------------------------
[G]ap7131-139B34#
PRIVILEGED EXEC MODE COMMANDS 3 - 33

[G]ap7131-139B34#sh wireless ap configured


---------------------------------------------------------------------------------------
IDX NAME MAC PROFILE RF-DOMAIN ADOPTED-BY DEVICE-TYPE FIPS-LICENSE
---------------------------------------------------------------------------------------
1 MESH-ROOT 5C-0E-8B-16-D6-38 ROOT default 5C-0E-8B-18-A5-40 ap7181 True
---------------------------------------------------------------------------------------
[[G]ap7131-139B34

[G]ap7131-139B34#fips-license ap7181 on 1
Aug 24 16:49:57 2012: USER: cfgd: Sent FIPS license for installation to 5C-0E-8B-16-D6-38
Aug 24 16:49:57 2012: USER: cfgd: Rcvd FIPS license installation success msg from 5C-0E-
8B-16-D6-38; updated license count
[G]ap7131-139B34
3 - 34 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.16 halt
Privileged Exec Mode Commands
Stops (halts) a device or a wireless controller. Once halted, the system must be restarted manually.
This command stops the device immediately. No indications or notifications are provided while the device shuts down.
Supported in the following platforms:
Access Points AP71XX
Syntax
halt {on <DEVICE-NAME>}
Parameters
halt {on <DEVICE-NAME>}

halt Halts a device or a wireless controller


{on <DEVICE-NAME>} on <DEVICE-NAME> Optional. Enter the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#halt on ap7131-5BB609
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 35

3.1.17 join-cluster
Privileged Exec Mode Commands
Adds a wireless controller, as cluster member, to an existing cluster of wireless controllers. Use this command to add a new
wireless controller to an existing cluster. Before a wireless controller can be added to a cluster, a static address must be
assigned to it.
Supported in the following platforms:
Access Points AP71XX
Syntax
join-cluster <IP> user <USERNAME> password <WORD> {level|mode}
join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode [active|standby]}
Parameters
join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode [active|standby]}

join-cluster Adds a new wireless controller to an existing cluster


<IP> Specify the IP address of the cluster member.
user <USERNAME> Specify a user account with super user privileges on the new cluster member
password <WORD> Specify password for the account specified in the user parameter
level [1|2] Configures the routing level
1 Configures level 1 routing
2 Configures level 2 routing
mode [active|standby] Configures the cluster mode
active Configures cluster mode as active
standby Configures cluster mode as standby
Usage Guidelines
To add a wireless controller to an existing cluster:
A static IP address must be configured on the wireless controller being added.
Username and password of one of the following accounts, superuser, network admin, system admin, or operator account
for the new wireless controller must be provided.
Once a wireless controller is added to the cluster, a manual write memory command must be executed. Without this
command, the configuration will not persist across reboots.
Examples
[G]ap7131-4AA708#join-cluster 172.16.10.10 user admin password motorola
Joining cluster at 172.16.10.10... Done
Please execute write memory to save cluster configuration.

[G]ap7131-4AA708#
Related Commands

cluster Initiates the cluster context. The cluster context provides centralized management to configure
all cluster members from any one member.
create-cluster Creates a new cluster on a specified device
3 - 36 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.18 l2tpv3
Privileged Exec Mode Commands
Establishes or brings down a L2TPV3 tunnel
Supported in the following platforms:
Access Points , AP71XX
Syntax
l2tpv3 tunnel [<TUNNEL-NAME>|all]

l2tpv3 tunnel <TUNNEL-NAME> [down|session|up]


l2tpv3 tunnel <TUNNEL-NAME> [down|up] {on <DEVICE-NAME>}
l2tpv3 tunnel <TUNNEL-NAME> session <SESSION-NAME> [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel all [down|up] {on <DEVICE-NAME>}


Parameters
l2tpv3 tunnel <TUNNEL-NAME> [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings down L2TPV3 tunnel


<TUNNEL-NAME> <TUNNEL-NAME> Specify the tunnels name
[down|up] down Brings down the specified tunnel
up Establishes the specified tunnel
on <DEVICE-NAME> Optional. Establishes or brings down a tunnel on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

l2tpv3 tunnel <TUNNEL-NAME> session <SESSION-NAME> [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings down L2TPV3 tunnel


<TUNNEL-NAME> <TUNNEL-NAME> Specify the tunnels name
session Establishes or brings down a session in the specified tunnel
<SESSION-NAME> <SESSION-NAME> Specify the session name
[down|up] down Brings down the specified tunnel session
up Establishes the specified tunnel session
on <DEVICE-NAME> Optional. Establishes or brings down a tunnel session on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

l2tpv3 tunnel all [down|up] {on <DEVICE-NAME>}

l2tpv3 tunnel Establishes or brings down L2TPV3 tunnel


all [down|up] Establishes or brings down all L2TPV3 tunnels
down Brings down all tunnels
up Establishes all tunnels
on <DEVICE-NAME> Optional. Establishes or brings down all tunnels on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
PRIVILEGED EXEC MODE COMMANDS 3 - 37

Examples
[G]ap7131-4AA708#l2tpv3 tunnel Tunnel1 session Tunnel1Session1 up on ap7131-5BB609

NOTE: For more information on the L2TPV3 tunnel configuration mode and commands,
see Chapter 22, L2TPV3-POLICY.
3 - 38 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.19 logging
Privileged Exec Mode Commands
Modifies message logging settings
Supported in the following platforms:
Access Points AP71XX
Syntax
logging monitor {<0-7>|alerts|critical|debugging|emergencies|errors|informational|
warnings|notifications}
Parameters
logging monitor {<0-7>|alerts|critical|debugging|emergencies|errors|informational|
notifications|warnings}

monitor Sets terminal lines logging levels. The logging severity levels can be set from 0 - 7. The system
configures default settings, if no logging severity level is specified.
<0-7> Optional. Enter the logging severity level from 0 - 7. The various levels and their
implications are:
alerts Optional. Immediate action needed (severity=1)
critical Optional. Critical conditions (severity=2)
debugging Optional. Debugging messages (severity=7)
emergencies Optional. System is unusable (severity=0)
errors Optional. Error conditions (severity=3)
informational Optional.Informational messages (severity=6)
notifications Optional. Normal but significant conditions (severity=5)
warnings Optional. Warning conditions (severity=4)
Examples
[G]ap7131-4AA708#logging monitor warnings
[G]ap7131-4AA708#

[G]ap7131-4AA708#logging monitor 2
[G]ap7131-4AA708#
Related Commands

no Resets terminal lines logging levels


PRIVILEGED EXEC MODE COMMANDS 3 - 39

3.1.20 mint
Privileged Exec Mode Commands
Uses MiNT protocol to perform a ping and a traceroute to a remote device
Supported in the following platforms:
Access Points AP71XX
Syntax
mint [ping|security|traceroute]

mint ping <MINT-ID> {count <1-10000>|size <1-64000>|timeout <1-10>}

mint security [approve-request [<MAC>|all]|create-security-trustpoint]

mint traceroute <MINT-ID> {destination-port <1-65535>|max-hops <1-255>|


source-port <1-65535>|timeout <1-255>}
Parameters
mint ping MINT-ID {count <1-10000>|size <1-64000>|timeout <1-10>}

ping <MINT-ID> Sends a MiNT echo message to a MiNT destination


<MINT-ID> Specify the MiNT destination ID to ping.
count <1-10000> Optional. Sets the number of times to ping the MiNT destination
<1-10000> Specify a value from 1 - 60. The default is 3.
size <1-64000> Optional. Sets the MiNT payload size in bytes
<1-64000> Specify a value from 1 - 640000 bytes. The default is 64 bytes.
timeout <1-10> Optional. Sets a response time in seconds
<1-10> Specify a value from 1 - 10 seconds. The default is 1 second.

mint security [approve-request [<MAC>|all]|create-security-trustpoint]

security Invokes MiNT security commands


approve request Approves requests to join MiNT security domain
[<MAC>|all] <MAC> Approves request from a specific device. Specify the devices MAC address.
all Approves all pending requests.
create-security- Creates a new trustpoint to use with MiNT
trustpoint

mint traceroute MINT-ID {destination-port <1-65535>|max-hops <1-255>|


source-port <1-65535>|timeout <1-255>}

traceroute Prints the route packets trace to a device


<MINT-ID> <MINT-ID> Specify the MiNT destination ID.
destination-port Optional. Sets the Equal-cost Multi-path (ECMP) routing destination port
<1-65535> <1-65535> Specify a value from 1 - 65535. The default port is 45.
max-hops <1-255> Optional. Sets the maximum number of hops a traceroute packet traverses in the forward direction
<1-255> Specify a value from 1 - 255. The default is 30.
3 - 40 WiNG 5.4 FIPS Access Point CLI Reference Guide

source-port Optional.Sets the ECMP source port


<1-65535> <1-65535> Specify a value from 1 - 65535. The default port is 45.
timeout <1-255> Optional. Sets the minimum response time period
<1-65535> Specify a value from 1 - 255 seconds. The default is 30 seconds.
Examples
[G]ap7131-4AA708#mint ping 70.37.FA.BF count 20 size 128
MiNT ping 70.37.FA.BF with 128 bytes of data.
Response from 70.37.FA.BF: id=1 time=0.292 ms
Response from 70.37.FA.BF: id=2 time=0.206 ms
Response from 70.37.FA.BF: id=3 time=0.184 ms
Response from 70.37.FA.BF: id=4 time=0.160 ms
Response from 70.37.FA.BF: id=5 time=0.138 ms
Response from 70.37.FA.BF: id=6 time=0.161 ms
Response from 70.37.FA.BF: id=7 time=0.174 ms
Response from 70.37.FA.BF: id=8 time=0.207 ms
Response from 70.37.FA.BF: id=9 time=0.157 ms
Response from 70.37.FA.BF: id=10 time=0.153 ms
Response from 70.37.FA.BF: id=11 time=0.159 ms
Response from 70.37.FA.BF: id=12 time=0.173 ms
Response from 70.37.FA.BF: id=13 time=0.156 ms
Response from 70.37.FA.BF: id=14 time=0.209 ms
Response from 70.37.FA.BF: id=15 time=0.147 ms
Response from 70.37.FA.BF: id=16 time=0.203 ms
Response from 70.37.FA.BF: id=17 time=0.148 ms
Response from 70.37.FA.BF: id=18 time=0.169 ms
Response from 70.37.FA.BF: id=19 time=0.164 ms
Response from 70.37.FA.BF: id=20 time=0.177 ms

--- 70.37.FA.BF ping statistics ---


20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max = 0.138/0.177/0.292 ms
PRIVILEGED EXEC MODE COMMANDS 3 - 41

3.1.21 no
Privileged Exec Mode Commands
Use the no command to revert a command or set parameters to their default. This command is useful to turn off an enabled
feature or set defaults for a parameter.
The no commands have their own set of parameters that can be reset.
Supported in the following platforms:
Access Points AP71XX
Syntax
no [adoption|captive-portal|crypto|fips-license|logging|page|service|terminal|upgrade|
wireless]

no adoption {on <DEVICE-OR-DOMAIN-NAME>}

no captive-portal client [captive-portal <CAPTIVE-PORTAL-NAME>|mac <MAC>]


{on <DEVICE-OR-DOMAIN-NAME>}

no crypto pki [server|trustpoint]


no crypto pki [server|trustpoint] <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|
on <DEVICE-NAME>}

no fips-license [ap7131|ap7161|ap7181] on <WORD>


no logging monitor

no page
no service [cli-tables-expand|mint]
no service [cli-tables-expand {<LINE>}
no service mint silence

no terminal [length|width]

no upgrade <PATCH-NAME> {on <DEVICE-NAME>}

no wireless client [all|<MAC>]


no wireless client all {filter|on}
no wireless client all {filter [wlan <WLAN-NAME>]}
no wireless client all {on <DEVICE-OR-DOMAIN-NAME>} {filter [wlan <WLAN-NAME>]}
no wireless client mac <MAC> {on <DEVICE-OR-DOMAIN-NAME>}
Parameters
no adoption {on <DEVICE-OR-DOMAIN-NAME>}

no adoption Resets adoption status of a specified device or all devices


{on <DEVICE-OR- <DEVICE-OR-DOMAIN-NAME> Optional. Enter the name of the AP, wireless controller, or
DOMAIN-NAME>} RF Domain.

no captive-portal client [captive-portal <CAPTIVE-PORTAL-NAME>|<MAC>]


{on <DEVICE-OR-DOMAIN-NAME>}

no captive-portal client Disconnects captive portal clients from the network


captive-portal Disconnects captive portal clients
<CAPTIVE-PORTAL- <CAPTIVE-PORTAL-NAME> Specify the captive portal name.
NAME>
<MAC> Disconnects a specified client
<MAC> Specify the clients MAC address.
3 - 42 WiNG 5.4 FIPS Access Point CLI Reference Guide

on <DEVICE-OR- Optional. Disconnects captive portal clients or a specified client on a specified device or
DOMAIN-NAME> RF Domain
<DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.

no crypto pki [server|trustpoint] <TRUSTPOINT-NAME> {del-key {on <DEVICE-NAME>}|


on <DEVICE-NAME>}

no crypto pki Deletes all PKI authentications


[server|trustpoint] Deletes PKI authentications, such as server certificates and trustpoints
<TRUSTPOINT-NAME> server Deletes server certificates
trustpoint Deletes a trustpoint and its associated certificates
The following keyword is common to the server and trustpoint parameters:
<TURSTPOINT-NAME> Deletes a trustpoint or its server certificate. Specify the
trustpoint name.
del-key Optional. Deletes the private key associated with a server certificate or trustpoint. The operation
{on <DEVICE-NAME>} will fail if the private key is in use by other trustpoints.
on <DEVICE-NAME> Deletes the private key on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

no fips-license [ap7131|ap7161|ap7181] on <WORD>

no fips-license Deletes fips-license on the specified device. Select the dveice type.
[ap7131|ap7161|ap7181] ap7131 Specifies the devcie type as AP7131
ap7161 Specifies the devcie type as AP7161
ap7181 Specifies the devcie type as AP7181
{on <WORD>} Optional. Deletes the license on the specified device..
on <WORD> Deletes the license key on a specified device

no logging monitor

no logging monitor Resets terminal lines message logging levels

no page

no page Resets wireless controller paging function to its default. Disabling the page command displays
the CLI command output at once, instead of page by page.

no service [cli-tables-expand {<LINE>}|locator {on <DEVICE-NAME>}]

no service Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand
and MiNT protocol configurations.
cli-tables-expand Resets the expand configuration of the CLI table, so that the table does not expand in the
{<LINE>} drop-down format
locator Disables LEDs on a specified device
{on <DEVICE-NAME>} <DEVICE-NAME> Optional. Specify the name of the AP or wireless controller.
PRIVILEGED EXEC MODE COMMANDS 3 - 43

no service mint silence

no service mint silence Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand
and MiNT protocol configurations.
mint Resets MiNT protocol configurations. Disables ping and traceroute parameters
silence Disables MiNT echo messaging and tracing of route packets

no upgrade <PATCH-NAME> {on <DEVICE-NAME>}

no upgrade Removes a patch installed on a specified device


<PATCH-NAME> <PATCH-NAME> Specify the name of the patch.
on <DEVICE-NAME> Optional. Removes a patch on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

no terminal [length|width]

no terminal [length|width] Resets the width of the terminal window, or the number of lines displayed within the terminal
window
length Resets the number of lines displayed on the terminal window to its default
width Resets the width of the terminal window to its default.

no wireless client all {filter [wlan <WLAN-NAME>]}

no wireless client all Disassociates all wireless clients on a specified device or domain
filter wlan Optional. Specifies an additional client selection filter
<WLAN-NAME> wlan Filters clients on a specified WLAN
<WLAN-NAME> Specify the WLAN name.

no wireless client all {on <DEVICE-OR-DOMAIN-NAME>} {filter [wlan <WLAN-NAME>]}

no wireless client all Disassociates all clients on a specified device or domain


on <DEVICE-OR-DOMAIN- <DEVICE-OR-DOMAIN-NAME> Optional. Specify the name of the AP, wireless controller,
NAME> or RF Domain.
filter Optional. Specifies an additional client selection filter
[wlan <WLAN-NAME>] wlan Filters clients on a specified WLAN
<WLAN-NAME> Specify the WLAN name.

no wireless client mac <MAC> {on <DEVICE-OR-DOMAIN-NAME>}

no wireless client Disassociates a single wireless client on a specified device or RF Domain


mac <MAC> mac <MAC> Specify the wireless clients MAC address in the AA-BB-CC-DD_EE-FF format
on <DEVICE-OR- Optional. Specifies the name of the AP, wireless controller, or RF Domain to which the specified
DOMAIN-NAME> client is associated
3 - 44 WiNG 5.4 FIPS Access Point CLI Reference Guide

Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with the
command getting negated.
Examples
[G]ap7131-4AA708#no adoption
[G]ap7131-4AA708#

[G]ap7131-4AA708#no page
[G]ap7131-4AA708#

[G]ap7131-4AA708#no service cli-tables-expand line


[G]ap7131-4AA708#
Related Commands

auto-provisioning- Resets the adoption state of a device and all devices adopted to it
policy
captive portal Manages captive portal clients
logging Modifies message logging settings
page Resets wireless controller paging function to its default
service Performs different functions depending on the parameter passed
terminal Sets the length or the number of lines displayed within the terminal window
upgrade Upgrades software image on a device
wireless-client Manages wireless clients
PRIVILEGED EXEC MODE COMMANDS 3 - 45

3.1.22 page
Privileged Exec Mode Commands
Toggles wireless controller paging. Enabling this command displays the CLI command output page by page, instead of running
the entire output at once.
Supported in the following platforms:
Access Points AP71XX
Syntax
page
Parameters
None
Examples
[G]ap7131-4AA708#page
[G]ap7131-4AA708#
Related Commands

no Disables wireless controller paging


3 - 46 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.23 ping
Privileged Exec Mode Commands
Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location
Supported in the following platforms:
Access Points AP71XX
Syntax
ping <IP/HOSTNAME> {count <1-10000>|dont-fragment|size <1-64000>}
Parameters
ping <IP/HOSTNAME> {count <1-10000>|dont-fragment|size <1-64000>}

<IP/HOSTNAME> Specify the destination IP address or hostname to ping. When entered without any parameters,
this command prompts for an IP address or a hostname.
count <1-10000> Optional. Sets the number of times to ping the specified destination
<1-10000> Specify a value from 1 - 10000. The default is 5.
dont-fragment Optional. Sets the dont fragment bit
size <1-64000> Optional. Sets the size of ping payload in bytes
<1-64000> Specify the ping payload size from 1 - 64000. The default is 100 bytes.
Examples
[G]ap7131-4AA708#ping 172.16.10.4 count 6
PING 172.16.10.4 (172.16.10.4) 100(128) bytes of data.
108 bytes from 172.16.10.4: icmp_seq=1 ttl=64 time=3.93 ms
108 bytes from 172.16.10.4: icmp_seq=2 ttl=64 time=0.367 ms
108 bytes from 172.16.10.4: icmp_seq=3 ttl=64 time=0.328 ms
108 bytes from 172.16.10.4: icmp_seq=4 ttl=64 time=0.295 ms
108 bytes from 172.16.10.4: icmp_seq=5 ttl=64 time=0.340 ms
108 bytes from 172.16.10.4: icmp_seq=6 ttl=64 time=0.371 ms
--- 172.16.10.4 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5001ms
rtt min/avg/max/mdev = 0.295/0.939/3.936/1.340 ms
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 47

3.1.24 re-elect
Privileged Exec Mode Commands
Re-elects tunnel wireless controller
Supported in the following platforms:
Access Points AP71XX
Syntax
re-elect tunnel-controller {<WORD> {on <DEVICE-NAME>}|on <DEVICE-NAME>}
Parameters
re-elect tunnel-controller {<WORD> {on <DEVICE-NAME>}|on <DEVICE-NAME>}

re-elect Re-elects tunnel wireless controller


tunnel-controller
<WORD> Optional. Re-elects tunnel wireless controller on all devices whose preferred tunnel wireless
{on <DEVICE-NAME>} controller name matches <WORD>
on <DEVICE-NAME> Optional. Re-elects tunnel wireless controller on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
on <DEVICE-NAME> Optional. Re-elects tunnel wireless controller on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#re-elect tunnel-controller
OK
[G]ap7131-4AA708#
3 - 48 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.25 reload
Privileged Exec Mode Commands
Halts the wireless controller and performs a warm reboot of the device
Supported in the following platforms:
Access Points AP71XX
Syntax
reload {cancel|force|in|on}

reload {on <DEVICE-OR-DOMAIN-NAME>}

reload {cancel|force} {on <DEVICE-OR-DOMAIN-NAME>}

reload {in <1-999>} {list|on}


reload {in <1-999>} {list {<LINE>|all}|on <DEVICE-OR-DOMAIN-NAME>}
reload {in <1-999>} {on <DEVICE-OR-DOMAIN-NAME>}
Parameters
reload {on <DEVICE-OR-DOMAIN-NAME>}

on <DEVICE-OR-DOMIN- Optional. Performs reload on an AP, wireless controller, or RF Domain. Halts a system and
NAME> performs a warm reboot
<DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.

reload {cancel|force} {on <DEVICE-OR-DOMAIN-NAME>}

cancel Optional. Cancels pending reloads


force Optional. Forces reboot, while ignoring conditions like upgrade in progress, unsaved changes
etc.
on <DEVICE-OR-DOMAIN- Optional. Cancels or forces a reload on an a specified device
NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.
reload {in <1-999>} {list {<LINE>|all}|on <DEVICE-OR-DOMAIN-NAME>}

in <1-999> Optional. Schedules a reload after a specified time period


<1-999> Specify the time from 1 - 999 minutes.
list {<LINE>|all} Optional. Reloads all adopted devices or specified devices
<LINE> Optional. Reloads listed devices. List all devices (to be reloaded) separated by
space
all Optional. Reloads all devices adopted by this wireless controller
on <DEVICE-OR-DOMAIN- Optional. Reloads on a specified device or RF Domain
NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.
Examples
[G]ap7131-4AA708#reload force on ap7131-5BB609
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 49

3.1.26 self
Privileged Exec Mode Commands
Enters the logged devices configuration context
Supported in the following platforms:
Access Points AP71XX
Syntax
self
Parameters
None
Examples
[G]ap7131-139B34#self
Enter configuration commands, one per line. End with CNTL/Z.
[G]ap7131-139B34(config-device-00-23-68-13-9B-34)#
3 - 50 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.27 ssh
Privileged Exec Mode Commands
Opens a Secure Shell (SSH) connection between two network devices
Supported in the following platforms:
Access Points AP71XX
Syntax
ssh <IP/HOSTNAME> <USERNAME>
Parameters
ssh <IP/HOSTNAME> <USERNAME>

<IP/HOSTNAME> Specify the remote systemss IP address or hostname.


<USERNAME> Specify the name of the user requesting the SSH connection.
Usage Guidelines
To exit of the other devices context, use the command that is relevant to that device.
Examples
[G]ap7131-4AA708#ssh 172.16.10.8 admin
admin@172.16.10.8's password:
rfs4000-880DA7>
PRIVILEGED EXEC MODE COMMANDS 3 - 51

3.1.28 terminal
Privileged Exec Mode Commands
Sets the number of characters per line, and the number of lines displayed within the terminal window
Supported in the following platforms:
Access Points AP71XX
Syntax
terminal [length|width] <0-512>
Parameters
terminal [length|width] <0-512>

length <0-512> Sets the number of lines displayed on a terminal window


<0-512> Specify a value from 0 - 512.
width <0-512> Sets the width or number of characters displayed on the terminal window
<0-512> Specify a value from 0 - 512.
Examples
[G]ap7131-4AA708#terminal length 150
[G]ap7131-4AA708#

[G]ap7131-4AA708#terminal width 215


[G]ap7131-4AA708#
Related Commands

no Resets the width of the terminal window or the number of lines displayed on a terminal window
3 - 52 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.29 time-it
Privileged Exec Mode Commands
Verifies the time taken by a particular command between request and response
Supported in the following platforms:
Access Points AP71XX
Syntax
time-it <COMMAND>
Parameters
time-it <COMMAND>

time-it <COMMAND> Verifies the time taken by a particular command to execute and provide a result
<COMMAND> Specify the command to time execution.
Examples
[G]ap7131-4AA708#time-it config terminal
Enter configuration commands, one per line. End with CNTL/Z.
That took 0.00 seconds..
[G]ap7131-4AA708(config)#
PRIVILEGED EXEC MODE COMMANDS 3 - 53

3.1.30 traceroute
Privileged Exec Mode Commands
Traces the route to a defined destination
Use --help or -h to display a complete list of parameters for the traceroute command
Supported in the following platforms:
Access Points AP71XX
Syntax
traceroute <LINE>
Parameters
traceroute <LINE>

<LINE> Traces route to a destination IP address or hostname


<LINE> Specify a traceroute argument. For example, service traceroute-h.
Examples
[G]ap7131-4AA708#traceroute 172.16.10.2
traceroute to 172.16.10.2 (172.16.10.2), 30 hops max, 38 byte packets
1 172.16.10.1 (172.16.10.1) 3002.008 ms !H 3002.219 ms !H 3003.945 ms !H
[G]ap7131-4AA708#
3 - 54 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.31 upgrade
Privileged Exec Mode Commands
Upgrades software image on a device
Supported in the following platforms:
Access Points AP71XX
Syntax
upgrade [<FILE>|<URL>] {background|on <DEVICE-NAME>}
Parameters
upgrade [<FILE>|<URL>] {background|on <DEVICE-NAME>}

<URL> Specify the target firmware image location in the following format:
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
background Optional. Performs upgrade in the background
on <DEVICE-NAME> Optional. Upgrades the software image on a remote AP or wireless controller
<DEVICE-NAME> Specify the name of the AP or wireless controller.
Examples
[G]ap7131-4AA708#upgrade sftp://root:symbol@172.16.10.10/AP7131.img
var2 is 10 percent full
/tmp is 2 percent full
Free Memory 161896 kB
FWU invoked via Linux shell
Running from partition /dev/hda5, partition to

[G]ap7131-4AA708#upgrade sftp://root:symbol@172.16.10.10/AP7131.img

Running from partition /dev/mtdblock7, partition to update is /dev/mtdblock6


Related Commands

no Removes a patch installed on a specified device


PRIVILEGED EXEC MODE COMMANDS 3 - 55

3.1.32 upgrade-abort
Privileged Exec Mode Commands
Aborts an ongoing software image upgrade
Supported in the following platforms:
Access Points AP71XX
Syntax
upgrade-abort {on <DEVICE-OR-DOMAIN-NAME>}
Parameters
upgrade-abort {on <DEVICE-OR-DOMAIN-NAME>}

upgrade-abort Aborts an ongoing software image upgrade


on <DEVICE-OR-DOMAIN- Optional. Aborts an ongoing software image upgrade on a specified device
NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.
Examples
[G]ap7131-0F1962#upgrade sftp://cntg47:123symbol@192.168.0.4/AP71XX-5.4.10.0-189
992GX.img
Jan 01 00:10:55 2013: ap7131-0F1962 : %DIAG-6-NEW_LED_STATE: LED state message
FIRMWARE_UPGRADE_STARTED from module led_msg
Running from partition /dev/mtdblock7
Validating image file header
Making file system
Extracting files (this may take some time)..............
Update error: Aborted
Jan 01 00:11:32 2013: %FWU-6-FWUABORTED: Firmware update aborted
Jan 01 00:11:33 2013: ap7131-0F1962 : %DIAG-6-NEW_LED_STATE: LED state message
FIRMWARE_UPGRADE_ENDED from module led_msg

Session on which upgrade-abort command is executed

[G]ap7131-0F1962#upgrade-abort
[G]ap7131-0F1962#Jan 01 00:11:32 2013: %FWU-6-FWUABORTED: Firmware update aborted
Jan 01 00:11:33 2013: ap7131-0F1962 : %DIAG-6-NEW_LED_STATE: LED state message
FIRMWARE_UPGRADE_ENDED from module led_msg
3 - 56 WiNG 5.4 FIPS Access Point CLI Reference Guide

3.1.33 watch
Privileged Exec Mode Commands
Repeats a specified CLI command at periodic intervals
Supported in the following platforms:
Access Points AP71XX
Syntax
watch <1-3600> <LINE>
Parameters
watch <1-3600> <LINE>

watch <1-3600> Repeats a CLI command at a specified interval


<1-3600> Select an interval from 1- 3600 seconds. Pressing CTRL-Z halts execution of the command
<LINE> Specify the CLI command name.
Examples
[G]ap7131-4AA708#watch 1 show clock
[G]ap7131-4AA708#
PRIVILEGED EXEC MODE COMMANDS 3 - 57

3.1.34 zeroize
Privileged Exec Mode Commands
Conducts a zeroization of critical security parameters by restarting the access point and restoring its default configuration. A
new, more secure, password will then be required.
Supported in the following platforms:
Access Points AP71XX
Syntax
zeroize keys
Parameters
zeroize keys

zeroize keys on Conducts a zeroization of critical security parameters by restarting the access point and restoring
<DEVICE-NAME> its default configuration.
Examples
[G]ap7131-139B34#zeroize keys
[G]ap7131-139B34#
3 - 58 WiNG 5.4 FIPS Access Point CLI Reference Guide
CHAPTER 4
GLOBAL CONFIGURATION COMMANDS
This chapter summarizes the global-configuration commands in the CLI command structure.
The term global indicates characteristics or features effecting the system as a whole. Use the Global Configuration Mode to
configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or
protocols). Use the configure terminal command (under PRIV EXEC) to enter the global configuration mode.
The example below describes the process of entering the global configuration mode from the privileged EXEC mode:
[G]ap7131-4AA708#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
[G]ap7131-4AA708(config)#

NOTE: The system prompt changes to indicate you are now in the global configuration
mode. The prompt consists of the device host name followed by (config) and a pound
sign (#).

Commands entered in the global configuration mode update the running configuration file as soon as they are entered.
However, these changes are not saved in the startup configuration file until a commit write memory command is issued.
[G]ap7131-4AA708(config)#?
Global configuration commands:
aaa-policy Configure a
authentication/accounting/authorization policy
aaa-tacacs-policy Configure an
authentication/accounting/authorization TACACS
policy
ap71xx AP71XX access point
association-acl-policy Configure an association acl policy
auto-provisioning-policy Configure an auto-provisioning policy
captive-portal Configure a captive portal
clear Clear
customize Customize the output of summary cli commands
device Configuration on multiple devices
device-categorization Configure a device categorization object
dhcp-server-policy DHCP server policy
dns-whitelist Configure a whitelist
event-system-policy Configure a event system policy
firewall-policy Configure firewall policy
help Description of the interactive help system
host Enter the configuration context of a device by
specifying its hostname
igmp-snoop-policy Create igmp snoop policy
inline-password-encryption Store encryption key in the startup
4-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

configuration file
ip Internet Protocol (IP)
l2tpv3 L2tpv3 tunnel protocol
mac MAC configuration
management-policy Configure a management policy
meshpoint Create a new MESHPOINT or enter MESHPOINT
configuration context for one or more
meshpoint-qos-policy Configure a meshpoint quality-of-service policy
mint-policy Configure the global mint policy
nac-list Configure a network access control list
no .
password-encryption Encrypt passwords in configuration
profile Profile related commands - if no parameters are
given, all profiles are selected
radio-qos-policy Configure a radio quality-of-service policy
radius-group Configure radius user group parameters
radius-server-policy Create device onboard radius policy
radius-user-pool-policy Configure Radius User Pool
rf-domain Create a RF Domain or enter rf-domain context
for one or more rf-domains
role-policy Role based firewall policy
routing-policy Policy Based Routing Configuration
self Config context of the device currently logged
into
smart-rf-policy Configure a Smart-RF policy
wips-policy Configure a wips policy
wlan Create a new WLAN or enter WLAN configuration
context for one or more WLANs
wlan-qos-policy Configure a wlan quality-of-service policy
write Write running configuration to memory or
terminal
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
revert Revert changes
service Service Commands
show Show running system information
[G]ap7131-4AA708(config)#
GLOBAL CONFIGURATION COMMANDS 4-3

4.1 Global Configuration Commands


Table 4.1 summarizes Global Configuration commands.
Table 4.1 Global Config Commands

Command Description Reference


aaa-policy Configures a AAA policy page 4-5
aaa-tacacs-policy Configures AAA-TACACS policy page 4-6
ap71xx Adds a AP71XX to the wireless controller managed network page 4-7
association-acl- Configures an association ACL policy page 4-8
policy
auto-provisioning- Configures an auto provisioning policy page 4-9
policy
captive portal Configures a captive portal page 4-10
clear Clears the event history page 4-30
customize Customizes the CLI command summary output page 4-31
device Specifies configuration on multiple devices page 4-39
device- Configures a device categorization object page 4-40
categorization
dhcp-server-policy Configures a DHCP server policy page 4-45
dns-whitelist Configures a DNS whitelist page 4-47
end Ends and exits current mode and moves to the PRIV EXEC mode page 4-51
event-system-policy Configures an event system policy page 4-52
firewall-policy Configures a firewall policy page 4-65
host Sets the system's network name page 4-67
ip Configures Internet Protocol (IP) components page 4-68
inline-password- Stores encryption key in the startup configuration file page 4-69
encryption
l2tpv3 Configures Layer 2 Tunneling Protocol Version 3 (L2TPV3) tunnel policy page 4-70
mac Configures MAC access lists (goes to the MAC Access Control List (ACL) mode) page 4-72
management-policy Configures a management policy page 4-73
meshpoint Configures meshpoint related configuration commands page 4-74
meshpoint-qos- Configures a set of parameters that defines the quality of service (QoS) page 4-75
policy
mint-policy Configures a MiNT security policy page 4-76
4-4 WiNG 5.4 FIPS Access Point CLI Reference Guide

Table 4.1 Global Config Commands

Command Description Reference


nac-list Configures a network ACL page 4-77
no Negates a command or sets its default page 4-83
password- Enables password encryption page 4-88
encryption
profile Configures profile related commands page 4-89
radio-qos-policy Configures a radio qos policy page 4-92
radius-group Configures a RADIUS group page 4-93
radius-server-policy Configures a RADIUS server policy page 4-94
radius-user-pool- Configures a RADIUS user pool policy page 4-95
policy
rf-domain Creates a RF Domain page 4-97
role-policy Configures a role policy page 4-115
routing-policy Configures a routing policy page 4-116
self Displays a logged devices configuration context page 4-117
smart-rf-policy Configures a Smart RF policy page 4-118
wips-policy Configures a WIPS policy page 4-119
wlan Configures a wireless WLAN page 4-121
wlan-qos-policy Configures a WLAN QoS policy page 4-165
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
exit Ends current mode and moves to the previous mode page 5-5
help Displays interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4-5

4.1.1 aaa-policy
Global Configuration Commands
Configures an Authentication, Accounting, and Authorization (AAA) policy. This policy configures multiple servers for
authentication and authorization. Up to six servers can be configured for providing AAA services.
Supported in the following platforms:
Access Points AP71XX
Syntax
aaa-policy <AAA-POLICY-NAME>
Parameters
aaa-policy <AAA-POLICY-NAME>

<AAA-POLICY-NAME> Specify the AAA policy name. If the policy does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#aaa-policy test
[G]ap7131-4AA708(config-aaa-policy-test)#?
AAA Policy Mode commands:
accounting Configure accounting parameters
attribute Configure RADIUS attributes in access and accounting
requests
authentication Configure authentication parameters
health-check Configure server health-check parameters
mac-address-format Configure the format in which the MAC address must be
filled in the Radius-Request frames
no Negate a command or set its defaults
proxy-attribute Configure radius attribute behavior when proxying
through controller or rf-domain-manager
server-pooling-mode Configure the method of selecting a server from the
pool of configured AAA servers
use Set setting to use

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-aaa-policy-test)#
Related Commands

no Removes an existing AAA policy

NOTE: For more information on the AAA policy commands, see Chapter 8, AAA-POLICY.
4-6 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.2 aaa-tacacs-policy
Global Configuration Commands
Configures AAA Terminal Access Controller Access-Control System (TACACS) policy. This policy configures multiple servers for
authentication and authorization. TACACS Authentication server should be configured when server preference is authenticated
server.
Supported in the following platforms:
Access Points AP71XX
Syntax
aaa-tacacs-policy <AAA-TACACS-POLICY-NAME>
Parameters
aaa-tacacs-policy <AAA-TACACS-POLICY-NAME>

<AAA-TACACS-POLICY- Specify the AAA-TACACS policy name. If the policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#aaa-tacacs-policy testpolicy
[G]ap7131-4AA708(config-aaa-tacacs-policy-testpolicy)#?
AAA TACACS Policy Mode commands:
accounting Configure accounting parameters
authentication Configure authentication parameters
authorization Configure authorization parameters
no Negate a command or set its defaults

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-aaa-tacacs-policy-testpolicy)#
Related Commands

no Removes an existing AAA TACACS policy

NOTE: For more information on the AAA-TACACS policy commands, see Chapter 25,
AAA-TACACS-POLICY.
GLOBAL CONFIGURATION COMMANDS 4-7

4.1.3 ap71xx
Global Configuration Commands
Adds a AP71XX series access point to the wireless controller network. If a profile for the AP is not available, a new profile is
created.
Supported in the following platforms:
Access Point AP71XX
Syntax
ap71xx <MAC>
Parameters
ap71xx <MAC>

<MAC> Specify the AP71XXs MAC address.


Examples
[G]ap7131-4AA708(config)#ap71xx 00-04-96-4A-A7-08
[G]ap7131-4AA708(config-device-00-04-96-4A-A7-08)#
Related Commands

no Removes an AP71XX from the network


4-8 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.4 association-acl-policy
Global Configuration Commands
Configures an association ACL policy. This policy configures a list of devices allowed or denied access to the wireless controller
managed network.
Supported in the following platforms:
Access Points AP71XX
Syntax
association-acl-policy <ASSOCIATION-ACL-POLICY-NAME>
Parameters
association-acl-policy <ASSOCIATION-ACL-POLICY-NAME>

<ASSOCIATION-ACL- Specify the association ACL policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#association-acl-policy test
[G]ap7131-4AA708(config-assoc-acl-test)#?
Association ACL Mode commands:
deny Specify MAC addresses to be denied
no Negate a command or set its defaults
permit Specify MAC addresses to be permitted

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-assoc-acl-test)#
Related Commands

no Resets values or disables commands

NOTE: For more information on the association-acl-policy, see Chapter 10,


ASSOCIATION-ACL-POLICY.
GLOBAL CONFIGURATION COMMANDS 4-9

4.1.5 auto-provisioning-policy
Global Configuration Commands
Configures an auto provisioning policy. This policy is used to configure the automatic provisioning of device adoption. The policy
configures how an AP is adopted based on its type.
Supported in the following platforms:
Access Points AP71XX
Syntax
auto-provisioning-policy <AUTO-PROVISIONING-POLICY-NAME>
Parameters
auto-provisioning-policy <AUTO-PROVISIONING-POLICY-NAME>

<AUTO-PROVISIONING- Specify the auto provisioning policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#auto-provisioning-policy test
[G]ap7131-4AA708(config-auto-provisioning-policy-test)#?
Auto-Provisioning Policy Mode commands:
adopt Add rule for device adoption
default-adoption Adopt devices even when no matching rules are found.
Assign default profile and default rf-domain
deny Add rule to deny device adoption
no Negate a command or set its defaults

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-auto-provisioning-policy-test)#
Related Commands

no Removes an existing Auto Provisioning policy

NOTE: For more information on the association-acl-policy, see Chapter 9, AUTO-


PROVISIONING-POLICY.
4 - 10 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6 captive portal


Global Configuration Commands
The captive portal mode configures a hotspot. Table 4.2 lists the command to enter the captive portal configuration mode.
Table 4.2 Captive-Portal Config Commands

Command Description Reference


captive-portal Creates a new captive portal and enters its configuration mode page 4-11
captive-portal- Summarizes captive portal configuration commands page 4-12
mode commands
GLOBAL CONFIGURATION COMMANDS 4 - 11

4.1.6.1 captive-portal
captive portal
Configures a captive portal. A captive portal is a hotspot type guest WLAN where users access wireless controller resources.
Supported in the following platforms:
Access Points AP71XX
Syntax
captive-portal <CAPTIVE-PORTAL-NAME>
Parameters
captive-portal <CAPTIVE-PORTAL-NAME>

<CAPTIVE-PORTAL- Specify the captive portal name. If the captive portal does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#captive-portal test
[G]ap7131-4AA708(config-captive-portal-test)#?
Captive Portal Mode commands:
access-time Allowed access time for the client. Used when there is
no session time in radius response
access-type Access type of this captive portal
accounting Configure how accounting records are created for this
captive portal policy
connection-mode Connection mode for this captive portal
custom-auth Custom user information
data-limit Enforce data limit for clients
inactivity-timeout Inactivity timeout in seconds. If a frame is not
received from client for this amount of time, then
current session will be removed
no Negate a command or set its defaults
server Configure captive portal server parameters
simultaneous-users Particular username can only be used by a certain number
of MAC addresses at a time
terms-agreement User needs to agree for terms and conditions
use Set setting to use
webpage Configure captive portal webpage parameters
webpage-location The location of the webpages to be used for
authentication. These pages can either be hosted on the
system or on an external web server.

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Removes an existing captive portal


4 - 12 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2 captive-portal-mode commands


captive portal
Table 4.3 summarizes captive portal configuration mode commands.
Table 4.3 Captive-Portal-Mode Commands

Command Description Reference


access-time Defines a clients access time. It is used when no session time is defined in the page 4-13
RADIUS response
access-type Configures a captive portals access type page 4-14
accounting Enables a captive portals accounting records page 4-15
connection-mode Configures a captive portals connection mode page 4-16
data-limit Enforces data limit for wireless clients page 4-17
inactivity-timeout Defines an inactivity timeout in seconds page 4-18
no Resets or disables captive portal commands page 4-19
server Configures the captive portal server parameter page 4-22
simultaneous- Specifies a username used by a MAC address pool page 4-23
users
terms-agreement Enforces the user to agree to terms and conditions (included in login page) for page 4-24
captive portal access
use Defines captive portal configuration settings page 4-25
webpage-location Specifies the location of Web pages used for captive portal authentication page 4-26
webpage Configures captive portal Web page parameters page 4-27
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4 - 13

4.1.6.2.1 access-time
captive-portal-mode commands
Defines the permitted access time for a client. It is used when no session time is defined in the RADIUS response.
Supported in the following platforms:
Access Points AP71XX
Syntax
access-time <30-10080>
Parameters
access-time <30-10080>

<30-10080> Defines the access time allowed for a wireless client from 30 - 10080 minutes
Examples
[G]ap7131-4AA708(config-captive-portal-test)#access-time 35
[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
[G]ap7131-4AA708(config-captive-portal-test)#

Related Commands

no Removes the permitted access time for a client


4 - 14 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.2 access-type
captive-portal-mode commands
Defines the captive portal access type
Supported in the following platforms:
Access Points AP71XX
Syntax
access-type radius

Parameters
access-type radius

radius Verifies custom user information for authentication (RADIUS lookup of given information, such as
name, e-mail address, telephone etc.)
Examples
[G]ap7131-4AA708(config-captive-portal-test)#access-type radius

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-type radius
access-time 35
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Removes the captive portal access type


GLOBAL CONFIGURATION COMMANDS 4 - 15

4.1.6.2.3 accounting
captive-portal-mode commands
Enables accounting records for a captive portal
Supported in the following platforms:
Access Points AP71XX
Syntax
accounting [radius|syslog]

accounting radius

accounting syslog host <IP/HOSTNAME> {proxy-mode[none|through-controller|


through-rf-domain-manager]}
Parameters
accounting radius

radius Enables support for RADIUS accounting messages

accounting syslog host <IP/HOSTNAME> {proxy-mode[none|through-controller|through-rf-


domain-manager]}

syslog Enables support for syslog accounting messages


host <IP/HOSTNAME> host <IP/HOSTNAME> Specifies the destination where accounting messages are sent.
Specify the destinations IP address or hostname.
proxy-mode Optional. Specifies the syslog servers proxy-mode
[none| none The requests are sent directly to server from device
through-controller|
through-controller Proxies the requests through the controller that is configuring the device
through-rf-domain-
manager] through-rf-domain-manager Proxies the requests through the local rf-domain-manager

Examples
[G]ap7131-4AA708(config-captive-portal-test)#accounting syslog host 172.16.10.13
[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test

access-time 35
accounting syslog host 172.16.10.13
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Disables accounting records for this captive portal


4 - 16 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.4 connection-mode
captive-portal-mode commands
Configures a captive portals connection mode. HTTPS uses encrypted connection to support user requests.
Supported in the following platforms:
Access Points AP71XX
Syntax
connection-mode https
Parameters
connection-mode https

https Sets HTTPS as the default connection mode


Note: HTTPS is a more secure version of HTTP, and uses encryption while sending and receiving
requests.
Examples
[G]ap7131-4AA708(config-captive-portal-test)#connection-mode https

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test

access-time 35
connection-mode https
accounting syslog host 172.16.10.13 port 1
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Removes this captive portals connection mode


GLOBAL CONFIGURATION COMMANDS 4 - 17

4.1.6.2.5 data-limit
captive-portal-mode commands
Enforces data limit for wireless clients within a captive portal
Supported in the following platforms:
Access Points AP71XX
Syntax
data-limit <1-102400> {action [log-and-disconnect|log-only]}
Parameters
data-limit <1-102400> {action [log-and-disconnect|log-only]}

data-limit <1-102400> Enforces data limit for wireless clients


<1-102400> Specifies the amount of data transfer (both up and down stream traffic)
allowed for each client. Specify a value from 1 - 102400.
action Optional. Specifies the action to be taken when client exceeds the specified data limit
[log-and-disconnect| log-and-disconnect Generates a logging record and disconnects the client session
log-only]
log-only Generates a logging record only (the wireless remains connected)
Examples
[G]ap7131-4AA708(config-captive-portal-test)#custom-auth info bob,
bob@motorolasolutions.com

[G]ap7131-4AA708(config-captive-portal-testportal)#data-limit 200 action log-and-


disconnect
[G]ap7131-4AA708(config-captive-portal-testportal)#show context
captive-portal testportal
access-time 35
connection-mode https
accounting syslog host 172.16.10.13 port 1
data-limit 200 action log-and-disconnect
[G]ap7131-4AA708(config-captive-portal-testportal)#
Related Commands

no Remove data limit enforcement for wireless clients on this captive portal
4 - 18 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.6 inactivity-timeout
captive-portal-mode commands
Defines an inactivity timeout in seconds. If a frame is not received from a client for the specified time interval, the current
session is terminated.
Supported in the following platforms:
Access Points AP71XX
Syntax
inactivity-timeout <300-86400>
Parameters
inactivity-timeout <300-86400>

<300-86400> Defines the duration of inactivity after which a captive portal session is automatically terminated.
Set a timeout interval from 300 - 86400 seconds.
Examples
[G]ap7131-4AA708(config-captive-portal-test)#inactivity-timeout 750

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
accounting syslog host 172.16.10.13 port 1
data-limit 200 action log-and-disconnect
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Removes the client inactivity timeout configured with this captive portal
GLOBAL CONFIGURATION COMMANDS 4 - 19

4.1.6.2.7 no
captive-portal-mode commands
The no command disables captive portal mode commands or resets parameters to their default.
Supported in the following platforms:
Access Points AP71XX
Syntax
no [access-time|access-type|accounting|connection-mode|data-limit|inactivity-timeout|
server|simultaneous-users|terms-agreement|use|webpage|webpage-location]

no [access-time|access-type|connection-mode|data-limit|inactivity-timeout|
simultaneous-users|terms-agreement|webpage-location]

no accounting [radius|syslog]

no custom-auth info

no server host
no server mode {centralized-controller [hosting-vlan-interface]}

no use [aaa-policy|dns-whitelist]

no webpage external [agreement|fail|login|welcome]


no webpage internal [org-name|org-signature]
no webpage internal [agreement|fail|login|welcome] [description|footer|header|
main-logo|small-logo|title]
Parameters
no [access-time|access-type|connection-mode|data-limit|inactivity-timeout|
simultaneous-users|terms-agreement|webpage-location]

no access-time Resets client access time


no access-type Resets client access type
no connection-mode Resets connection mode
no data-limit Removes data limit enforcement for clients
no inactivity-timeout Resets inactivity timeout interval
no simultaneous-users Resets the number of MAC addresses that can use a single user name to its default of 1
no terms-agreement Resets the terms agreement requirement for logging in. The user no longer has to agree to terms
& conditions before connecting to a captive portal.
no webpage-location Resets the use of custom Web pages for login, welcome, terms, and failure page. The default of
automatically created Web pages is used.

no accounting [radius|syslog]

no accounting Disables accounting configurations


radius Disables support for sending RADIUS accounting messages
syslog Disables support for sending syslog messages to remote syslog servers
no server host

no server host Clears captive portal server address


4 - 20 WiNG 5.4 FIPS Access Point CLI Reference Guide

no server mode {centralized-controller [hosting-vlan-interface]}

no server mode Configures the captive portal server mode


centralized-controller Optional. Resets the hosting VLAN interface for centralized captive portal server to its default
hosting-vlan-interface value of zero (0)

no use [aaa-policy|dns-whitelist]

no use Resets profiles used with a captive portal policy


aaa-policy Removes the AAA policy used with a captive portal policy
dns-whitelist Removes the DNS whitelist used with a captive portal policy
no webpage external [agreement|fail|login|welcome]

no webpage external Resets the configuration of external Web pages displayed when a user interacts with the captive
portal
agreement Resets the agreement page
fail Resets the fail page
login Resets the login page
welcome Resets the welcome page

no webpage internal [org-name|org-signature]

no webpage external Resets the configuration of internal Web pages displayed when a user interacts with the captive
portal
org-name Resets the organization name that is included at the top of Web pages
org-signature Resets the organization signature (email, addresses, phone numbers) included at the bottom of
Web pages

no webpage internal [agreement|fail|login|welcome] [description|footer|header|


main-logo|small-logo|title]

no webpage external Resets the configuration of internal Web pages displayed when a user interacts with the captive
portal
agreement Resets the agreement page
fail Resets the fail page
login Resets the login page
welcome Resets the welcome page
description Resets the description part of each Web page. This is the area where information about the
captive portal and user state is displayed to the user.
footer Resets the footer portion of each Web page. A footer can contain the organization signature
header Resets the header portion of each Web page
main-logo Resets the main logo of each Web page
GLOBAL CONFIGURATION COMMANDS 4 - 21

small-logo Resets the small logo of each Web page


title Resets the title of each Web page
Examples
Following is the captive portal test settings before the no command is executed:

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35

connection-mode https
inactivity-timeout 750
accounting syslog host 172.16.10.13 port 1
data-limit 200 action log-and-disconnect
[G]ap7131-4AA708(config-captive-portal-test)#

Following is the captive portal test settings after the no command is executed:

[G]ap7131-4AA708(config-captive-portal-test)#no accounting syslog


[G]ap7131-4AA708(config-captive-portal-test)#no access-type
[G]ap7131-4AA708(config-captive-portal-testportal)#no data-limit
[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
custom-auth info bob,\ bob@motorolasolutions.com
connection-mode https
inactivity-timeout 750
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

access-time Configures the allowed access time for each captive portal client
access-type Configures a captive portal authentication and logging information
accounting Configures a captive portal accounting information
connection-mode Configures how clients connect to a captive portal
data-limit Enforces data limit for wireless clients in a captive portal
inactivity-timeout Configures the client inactivity timeout interval
server Configures the captive portal server parameters
simultaneous-users Configures the maximum number of clients that can use a single captive portal user name
terms-agreement Configures if a client has to accept terms and conditions before logging to the captive portal
use Configures a AAA policy and DNS whitelist with this captive portal policy
webpage-location Configures the location of Web pages displayed when the user interacts with the captive portal
webpage Configures Web pages used by the captive portal to interact with users
aaa-policy Configures a AAA policy
dns-whitelist Configures a DNS whitelist
4 - 22 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.8 server
captive-portal-mode commands
Configures captive portal server parameters, such as the hostname, IP, and mode of operation
Supported in the following platforms:
Access Points AP71XX
Syntax
server [host|mode]

server host <IP/HOSTNAME>

server mode [centralized|centralized-controller {hosting-vlan-interface}|self]


Parameters
server host <IP/HOSTNAME>

host <IP/HOSTNAME> Configures the internal captive portal authentication server (wireless controller or access point)
<IP/HOSTNAME> Specify the IP address or hostname of the captive portal server.
Note: For centralized wireless controller mode, this should be a virtual hostname and not IP
address.

server mode [centralized|centralized-controller {hosting-vlan-interface}|self]

mode Configures the captive portal server mode


centralized Considers the configured server hostname or IP address as the centralized captive portal server
centralized-controller Uses the configured hostname as the virtual captive portal server name across the wireless
{hosting-vlan-interface} controllers
hosting-vlan-interface Optional. Configures the VLAN in which the client can reach the
wireless controller (server)
self Selects the captive portal server as the same device supporting the WLAN
Examples
[G]ap7131-4AA708(config-captive-portal-test)#server host 172.16.10.9

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
server host 172.16.10.9
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Resets or disables captive portal host and mode settings


GLOBAL CONFIGURATION COMMANDS 4 - 23

4.1.6.2.9 simultaneous-users
captive-portal-mode commands
Specifies the number of MAC addresses that can simultaneously use a particular username
Supported in the following platforms:
Access Points AP71XX
Syntax
simultaneous-users <1-8192>
Parameters
simultaneous-users <1-8192>

<1-8192> Specifies the number of MAC addresses that can simultaneously use a particular username. Select
a number from 1 - 8192.
Examples
[G]ap7131-4AA708(config-captive-portal-test)#simultaneous-users 5

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
server host 172.16.10.9
simultaneous-users 5
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Resets or disables captive portal commands


4 - 24 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.10 terms-agreement
captive-portal-mode commands
Enforces the user to agree to terms and conditions (included in the login page) for captive portal guest access
Supported in the following platforms:
Access Points AP71XX
Syntax
terms-agreement
Parameters
None
Examples
[G]ap7131-4AA708(config-captive-portal-test)#terms-agreement

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
server host 172.16.10.9
simultaneous-users 5
terms-agreement
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Resets or disables captive portal commands


GLOBAL CONFIGURATION COMMANDS 4 - 25

4.1.6.2.11 use
captive-portal-mode commands
Configures a AAA policy and DNS whitelist with this captive portal policy. AAA policies are used to configure servers for this
captive portal. DNS whitelists provide a method to restrict users to a set of configurable domains on the internet accessed
through the captive portal.
For more information on AAA policy, see Chapter 8, AAA-POLICY.
For more information on DNS whitelists, see Chapter 4, dns-whitelist.
Defines captive portal configuration settings
Supported in the following platforms:
Access Points AP71XX
Syntax
use [aaa-policy <AAA-POLICY-NAME>|dns-whitelist <DNS-WHITELIST-NAME>]
Parameters
use [aaa-policy <AAA-POLICY-NAME>|dns-whitelist <DNS-WHITELIST-NAME>]

aaa-policy Configures a AAA policy with this captive portal. AAA policies configure servers for the captive
<AAA-POLICY-NAME> portal.
<AAA-POLICY-NAME> Specify the AAA policy name.
dns-whitelist Configures a DNS whitelist to use with this captive portal. DNS whitelists restrict URL access
<DNS-WHITELIST- from a captive portal.
NAME> <DNS-WHITELIST-NAME> Specify the DNS whitelist name.
Examples
[G]ap7131-4AA708(config-captive-portal-test)#use aaa-policy test

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
server host 172.16.10.9
simultaneous-users 5
terms-agreement
use aaa-policy test
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Removes a DNS Whitelist or a AAA policy from use with this captive portal
dns-whitelist Configures a DNS whitelist
aaa-policy Configures a AAA policy
4 - 26 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.6.2.12 webpage-location
captive-portal-mode commands
Specifies the location of the Web pages used for authentication. These pages can either be hosted on the system or on an
external Web server.
Supported in the following platforms:
Access Points AP71XX
Syntax
webpage-location [advanced|external|internal]
Parameters
webpage-location [advanced|external|internal]

advanced Uses Web pages for login, welcome, failure, and terms created and stored on the wireless
controller
external Uses Web pages for login, welcome, failure, and terms located on an external server. Provide the
URL for each of these pages.
internal Uses Web pages for login, welcome, and failure that are automatically generated
Examples
[G]ap7131-4AA708(config-captive-portal-test)#webpage-location external

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35
connection-mode https
inactivity-timeout 750
server host 172.16.10.9
simultaneous-users 5
terms-agreement
webpage-location external
use aaa-policy test
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Resets or disables captive portal Web page location settings


webpage Configures Web pages displayed for the login, welcome, fail, and terms pages for a captive portal
GLOBAL CONFIGURATION COMMANDS 4 - 27

4.1.6.2.13 webpage
captive-portal-mode commands
Configures Web pages displayed when interacting with a captive portal. There are four (4) different pages.
agreement This page displays Terms and Conditions that a user accepts before allowed access to the captive portal.
fail This page is displayed when the user is not authenticated to use the captive portal.
login This page is displayed when the user connects to the captive portal. It fetches login credentials from the user.
welcome This page is displayed to welcome an authenticated user to the captive portal.
These Web pages, which interact with captive portal users, can be located either on the wireless controller or an external
location.
Supported in the following platforms:
Access Points AP71XX
Syntax
webpage [external|internal]

webpage external [agreement|fail|login|welcome] <URL>

webpage internal [agreement|fail|login|org-name|org-signature|welcome]


webpage internal [org-name|org-signature] <LINE>
webpage internal [agreement|fail|login|welcome] [description|footer|header|title]
<CONTENT>
webpage internal [agreement|fail|login|welcome] [main-logo|small-logo] <URL>
Parameters
webpage external [agreement|fail|login|welcome] <URL>

external Indicates Web pages being served are external to the captive portal
agreement Indicates the page is displayed for Terms & Conditions
fail Indicates the page is displayed for login failure
login Indicates the page is displayed for getting user credentials
welcome Indicates the page is displayed after a user has been successfully authenticated
<URL> Indicates the URL to the Web page displayed
Query String: URL can include query tags.
Supported Query Tags:
'WING_TAG_CLIENT_IP' - Captive portal client IPv4 address
'WING_TAG_CLIENT_MAC' - Captive portal client MAC address
'WING_TAG_WLAN_SSID ' - Captive portal client WLAN ssid
'WING_TAG_AP_MAC' - Captive portal client AP MAC address
'WING_TAG_CP_SERVER' - Captive portal server address
'WING_TAG_USERNAME' - Captive portal authentication username
Example:-
http://cportal.com/policy/login.html?client_ip=WING_TAG_CLIENT_IP&ap_m
c=WING_TAG_AP_MAC. Use '&' or '?' character to separate
field-value pair. Note: Enter 'ctrl-v' followed by '?' to configure query string
4 - 28 WiNG 5.4 FIPS Access Point CLI Reference Guide

webpage internal [agreement|fail|login|welcome] [description|footer|header|title]


<CONTENT>

internal Indicates the Web pages being served are internal


agreement Indicates the page is displayed for Terms & Conditions
fail Indicates the page is displayed for login failure
login Indicates the page is displayed for getting user credentials
welcome Indicates the page is displayed after a user has been successfully authenticated
description Indicates the content is the description portion of each internal, agreement, fail, and welcome
page
footer Indicates the content is the footer portion of each internal, agreement, fail, and welcome page.
The footer portion contains the signature of the organization that hosts the captive portal.
header Indicates the content is the header portion of each internal, agreement, fail, and welcome page.
The header portion contains the heading information for each of these pages.
title Indicates the content is the title of each internal, agreement, fail, and welcome page. The title for
each of these pages is configured here.
<CONTENT> Specify the content displayed for each of the different components of the Web page. You can
enter 900 characters for the description and 256 characters each for header, footer, and title.

webpage internal [agreement|fail|login|welcome] [main-logo|small-logo] <URL>

internal Indicates the Web pages being served are internal


agreement Indicates the page is displayed for Terms & Conditions
fail Indicates the page is displayed for login failure
login Indicates the page is displayed for getting user credentials
welcome Indicates the page is displayed after a user has been successfully authenticated
main-logo Indicates the main logo displayed in the header portion of each Web page
small-logo Indicates the logo image displayed in the footer portion of each Web page, and constitutes the
organizations signature
<URL> Indicates the complete URL of the main-log and small-logo files
webpage internal [org-name|org-signature] <LINE>

internal Indicates the Web pages being served are internal


org-name Specifies the companys name, included on Web pages along with the main image
org-signature Specifies the companys signature information, included in the bottom of Web pages along with
small image
<LINE> Specify the companys name or signature depending on the option selected.
GLOBAL CONFIGURATION COMMANDS 4 - 29

Examples
[G]ap7131-4AA708(config-captive-portal-test)#webpage external fail http://
www.motorolasolutions.com

[G]ap7131-4AA708(config-captive-portal-test)#show context
captive-portal test
access-time 35

connection-mode https
inactivity-timeout 750
server host 172.16.10.9
simultaneous-users 5
terms-agreement
webpage-location external
webpage external fail http://www.motorolasolutions.com
use aaa-policy test
[G]ap7131-4AA708(config-captive-portal-test)#
Related Commands

no Resets or disables captive portal commands


4 - 30 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.7 clear
Global Configuration Commands
Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific
commands only. The information cleared using this command varies depending on the mode where executed.
Supported in the following platforms:
Access Points AP71XX
Syntax
clear event-history
Parameters
clear event-history

event-history Clears the event history file


Examples
[G]ap7131-4AA708(config)#show event-history
EVENT HISTORY REPORT
Generated on '2012-06-21 10:38:33 UTC' by 'admin'

2012-06-21 10:26:22 ap7131-4AA708 SYSTEM UI_USER_AUTH_SUCCESS UI User: 'admin',


from: '172.16.10.105' authentication successful
2012-06-21 09:29:58 ap7131-4AA708 SYSTEM LOGIN Successfully logged
in User: 'admin' with privilege 'superuser' from 'ssh'
2012-06-21 01:25:46 ap7131-4AA708 NSM DHCPIP Interface vlan1
acquired IP address 172.16.10.102/24 via DHCP
2012-06-21 01:25:46 ap7131-4AA708 NSM DHCPDEFRT Default route with
gateway 172.16.10.7 learnt via DHCP
2012-06-20 14:52:43 ap7131-4AA708 NSM DHCPIP Interface vlan1
acquired IP address 172.16.10.102/24 via DHCP
2012-06-20 14:52:43 ap7131-4AA708 NSM DHCPDEFRT Default route with
gateway 172.16.10.7 learnt via DHCP
2012-06-20 10:18:04 ap7131-4AA708 SYSTEM LOGOUT Logged out User:
'admin' with privilege 'superuser' from '172.16.10.110(web)'
2012-06-20 10:16:14 ap7131-4AA708 SYSTEM LOGOUT Logged out User:
'admin' with privilege 'superuser' from '172.16.10.10(web)'
2012-06-20 09:47:44 ap7131-4AA708 SYSTEM UI_USER_AUTH_SUCCESS UI User: 'admin',
from: '172.16.10.110' authentication successful
2012-06-20 09:45:41 ap7131-4AA708 SYSTEM UI_USER_AUTH_SUCCESS UI User: 'admin',
from: '172.16.10.10' authentication successful
--More--
[G]ap7131-4AA708(config)#

[G]ap7131-4AA708(config)#clear event-history

[G]ap7131-4AA708(config)#show event-history
EVENT HISTORY REPORT
Generated on '2012-06-21 10:39:23 UTC' by 'admin'

[G]ap7131-4AA708(config)#
GLOBAL CONFIGURATION COMMANDS 4 - 31

4.1.8 customize
Global Configuration Commands
Customizes the output of the summary CLI commands. Use this command to define the data displayed as a result of various
show commands.
Supported in the following platforms:
Access Points AP71XX
Syntax
customize [hostname-column-width|show-wireless-client|show-wireless-client-stats|
show-wireless-client-stats-rf|show-wireless-meshpoint|show-wireless-meshpoint-
neighbor-stats|show-wireless-meshpoint-neighbor-stats-rf|show-wireless-radio|
show-wireless-radio-stats|show-wireless-radio-stats-rf]

customize hostname-column-width <1-64>

customize show-wireless-client (ap-name <1-64>,auth,bss,enc,hostname <1-64>,ip,


last-active,location <1-64>,mac,radio-alias <3-67>,radio-id,radio-type,state,
username <1-64>,vendor,vlan,wlan)

customize show-wireless-client-stats (hostname <1-64>,mac,rx-bytes,rx-errors,


rx-packets,rx-throughput,tx-bytes,tx-dropped,tx-packets,tx-throughput)

customize show-wireless-client-stats-rf (average-retry-number,error-rate,


hostname <1-64>,mac,noise,q-index,rx-rate,signal,snr,t-index,tx-rate)
customize show-wireless-meshpoint (ap-mac,cfg-as-root,hops,hostname <1-64>,
interface-ids,is-root,mesh-name <1-64>,mpid,next-hop-hostname <1-64>,next-hop-ifid,
next-hop-use-time,path-metric,root-bound-time,root-hostname <1-64>,root-mpid)

customize show-wireless-meshpoint-neighbor-stats (ap-hostname <1-64>,


neighbor-hostname <1-64>,neighbor-ifid,rx-bytes,rx-errors,rx-packets,
rx-throughtput,tx-bytes,tx-dropped,tx-packets,tx-throughput)

customize show-wireless-meshpoint-neighbor-stats-rf (ap-hostname <1-64>,


average-retry-number,error-rate,neighbor-hostname <1-64>,neighbor-ifid,noise,
q-index,rx-rate,signal,snr,t-index,tx-rate)
customize show-wireless-radio (adopt-to,ap-name <1-64>,channel,location <1-64>,
num-clients,power,radio-alias <3-67>,radio-id,radio-mac,rf-mode,state)
customize show-wireless-radio-stats (radio-alias <3-67>,radio-id,radio-mac,rx-bytes,
rx-errors,rx-packets,rx-throughput,tx-bytes,tx-dropped,tx-packets,tx-throughput)

customize show-wireless-radio-stats-rf (average-retry-number,error-rate,noise,


q-index,radio-alias <3-67>,radio-id,radio-mac,rx-rate,signal,snr,t-index,tx-rate)
Parameters
customize hostname-column-width <1-64>

hostname-column- Configures default width of the hostname column in all show commands
width <1-64> <1-64> Specify the hostname column width from 1 - 64 characters.
customize show-wireless-client (ap-name <1-64>,auth,bss,enc,hostname <1-64>,ip,
last-active,location <1-64>,mac,radio-alias <3-67>,radio-id,radio-type,state,
username <1-64>,vendor,vlan,wlan)

show-wireless-client Customizes the columns displayed for the show wireless client command
ap-name <1-64> Includes the ap-name column in the show wireless client command
<1-64> Specify the ap-name column width from 1 - 64 characters.
4 - 32 WiNG 5.4 FIPS Access Point CLI Reference Guide

auth Includes the auth column in the show wireless client command. The auth column displays the
authorization protocol used by the wireless client.
bss Includes the BSS column in the show wireless client command. The bss column displays the BSSID
the wireless client is associated with.
enc Includes the enc column in the show wireless client command. The enc column displays the
encryption suite used by the wireless client.
hostname <1-64> Includes the hostname column in the show wireless client command. The hostname column
displays the wireless clients hostname.
<1-64> Specify the hostname column width from 1 - 64 characters.
ip Includes the IP column in the show wireless client command. The IP column displays the wireless
clients current IP address.
last-active Includes the last-active column in the show wireless client command. The last-active column
displays the time of last activity seen from the wireless client.
location <1-64> Includes the location column in the show wireless client command. The location column displays
the location of the AP the wireless client is associated with.
<1-64> Specify the location column width from 1 - 64 characters.
mac Includes the MAC column in the show wireless client command. The MAC column displays the
wireless clients MAC address.
radio-alias <3-67> Includes the radio-alias column in the show wireless client command. The radio-alias column
displays the radio alias with the AP's hostname and the radio interface number in the
HOSTNAME:RX format.
<3-64> Specify the radio-alias column width from 3 - 67 characters.
radio-id Includes the radio-id column in the show wireless client command. The radio-id column displays
the radio ID with the APs MAC address and the radio interface number in the
AA-BB-CC-DD-EE-FF:RX format.
radio-type Includes the radio-type column in the show wireless client command. The radio-type column
displays the wireless clients radio type.
state Includes the state column in the show wireless client command. The state column displays the
wireless clients current availability state.
username <1-64> Includes the username column in the show wireless client command. The username column
displays the wireless clients username.
<1-64> Specify the username column width from 1 - 64 characters.
vendor Includes the vendor column in the show wireless client command. The vendor column displays the
wireless clients vendor ID.
vlan Includes the VLAN column in the show wireless client command. The VLAN column displays the
wireless clients assigned VLAN.
wlan Includes the WLAN column in the show wireless client command. The WLAN column displays the
wireless clients assigned WLAN.
GLOBAL CONFIGURATION COMMANDS 4 - 33

customize show-wireless-client-stats (average-retry-number,error-rate,


hostname <1-64>,mac,noise,q-index,rx-rate,signal,snr,t-index,tx-rate)

show-wireless-client- Customizes columns displayed for the show wireless client statistics command
stats
hostname <1-64> Includes the hostname column in the show wireless client statistics command. The hostname
column displays the wireless clients hostname.
<1-64> Sets the hostname column width from 1 - 64 characters
mac Includes the MAC column in the show wireless client statistics command. The MAC column
displays the wireless clients MAC address.
rx-bytes Includes the rx-bytes column in the show wireless client statistics command. The rx-bytes column
displays the total number of bytes received by the wireless client.
rx-errors Includes the rx-error column in the show wireless client statistics command. The rx-error column
displays the total number of receive errors received by the wireless client.
rx-packets Includes the rx-packets column in the show wireless client statistics command. The
rx-packets column displays the total number of packets received by the wireless client.
rx-throughput Includes the rx-throughput column in the show wireless client statistics command. The
rx-throughput column displays the receive throughput at the wireless client.
tx-bytes Includes the tx-bytes column in the show wireless client statistics command. The tx-bytes column
displays the total number of bytes transmitted by the wireless client.
tx-dropped Includes the tx-dropped column in the show wireless client statistics command. The
tx-dropped column displays the total number of dropped packets by the wireless client.
tx-packets Includes the tx-packets column in the show wireless client statistics command. The
tx-packets column displays the total number of packets transmitted by the wireless client.
tx-throughput Includes the tx-throughput column in the show wireless client statistics command. The
tx-throughput column displays the transmission throughput at the wireless client.

customize show-wireless-client-stats-rf (average-retry-number,error-rate,


noise,q-index,rx-rate,signal,snr,t-index,tx-rate)

show-wireless-client- Customizes the columns displayed for the show wireless client stats rf command
stats-rf
average-retry-number Includes the average-retry-number column in the show wireless client statistics RF command. The
average-retry-number column displays the average number of retransmissions per packet.
error-rate Includes the error-rate column in the show wireless client statistics rf command. The
error-rate column displays the error rate information for the wireless client.
hostname <1-64> Includes the hostname column in the show wireless client statistics RF command. The hostname
column displays the wireless clients hostname.
<1-64> Specify the hostname column width from 1 - 64 characters.
mac Includes the MAC column in the show wireless client statistics RF command. The MAC column
displays the wireless clients MAC address.
4 - 34 WiNG 5.4 FIPS Access Point CLI Reference Guide

noise Includes the noise column in the show wireless client statistics RF command. The noise column
displays the noise as detected by the wireless client.
q-index Includes the q-index column in the show wireless client statistics RF command. The q-index
column displays the RF quality index, where a higher value indicates better RF quality.
rx-rate Includes the rx-rate column in the show wireless client statistics RF command. The rx-rate column
displays the receive rate at the particular wireless client.
signal Includes the signal column in the show wireless client statistics RF command. The signal column
displays the signal strength at the particular wireless client.
snr Includes the snr column in the show wireless client statistics RF command. The snr column
displays the signal-to-noise ratio at the particular wireless client.
t-index Includes the t-index column in the show wireless client statistics RF command. The t-index column
displays the traffic utilization index at the particular wireless controller.
tx-rate Includes the tx-rate column in the show wireless client statistics RF command. The tx-rate column
displays the packet transmission rate at the particular wireless client.

customize show-wireless-meshpoint (ap-mac,cfg-as-root,hops,hostname <1-64>,


interface-ids,is-root,mesh-name <1-64>,mpid,next-hop-hostname <1-64>,next-hop-ifid,
next-hop-use-time,path-metric,root-bound-time,root-hostname <1-64>,root-mpid)

show-wireless- Customizes the show wireless meshpoint command output


meshpoint
ap-mac Includes the ap-name column, which displays the APs MAC address in the AA-BB-CC-DD-EE-FF
format. Applicable only in case of non-controller meshpoints
cfg-as-root Includes the cfg-as-root column, which displays the configured root state of the meshpoint
hops Includes the hops column, which displays the number of hops to the root for this meshpoint
hostname <1-64> Includes the hostname column, which displays the APs hostname. Applicable only in case of
non-wireless controller meshpoints
<1-64> Sets the hostname column width from 1 - 64 characters
interface-ids Includes the interface-ids column, which displays the interface identifiers (interfaces used by this
meshpoint)
is-root Includes the is-root column, which displays the current root state of the meshpoint
mesh-name <1-64> Includes the mesh-name column, which displays the meshpoints name
<1-64> Sets the mesh-name column width from 1 - 64 characters
mpid Includes the mpid column, which displays the meshpoint identifier in the AA-BB-CC-DD-EE-FF
format
next-hop-hostname <1- Includes the next-hop-hostname column, which displays the next-hop APs name (the AP next in
64> the path to the bound root)
<1-64> Sets the next-hop-hostname column width from 1 - 64 characters
next-hop-ifid Includes the next-hop-ifid column, which displays the next-hop interface identifier in the
AA-BB-CC-DD-EE-FF format
GLOBAL CONFIGURATION COMMANDS 4 - 35

next-hop-use-time Includes the next-hop-use-time column, which displays the time since this meshpoint started using
this next hop
root-bound-time Includes the root-bound-time column, which displays the time since this meshpoint has been
bound to the current root
root-hostname <1-64> Includes the root-hostname column, which displays the root APs hostname to which this
meshpoint is bound
<1-64> Sets the root-hostname column width from 1 - 64 characters
root-mpid Includes the root-mpid column, which displays the bound root meshpoint identifier in the
AA-BB-CC-DD-EE-FF format
customize show-wireless-meshpoint-neighbor-stats (ap-hostname <1-64>,
neighbor-hostname <1-64>,neighbor-ifid,rx-bytes,rx-errors,rx-packets,rx-throughtput,
tx-bytes,tx-dropped,tx-packets,tx-throughput)

show-wireless- Customizes the show wireless meshpoint neighbor stats command output
meshpoint-neighbor-
stats
ap-name <1-64> Includes the ap-name column, which displays name of the AP reporting a neighbor
<1-64> Sets the ap-name column width from 1 - 64 characters
neighbor-hostname Includes the neighbor-hostname column, which displays the reported neighbors hostname
<1-64> <1-64> Sets the neighbor-hostname column width from 1 - 64 characters
neighbor-ifid Includes the neighbor-ifid column, which displays the neighbors interface ID
rx-bytes Includes the rx-bytes column, which displays the total bytes received
rx-errors Includes the rx-error column, which displays the total bytes of error received
rx-packets Includes the rx-packets column, which displays the number of packets received
rx-throughput Includes the rx-throughput column, which displays neighbors received throughput
tx-bytes Includes the tx-bytes column, which displays the total bytes transmitted
tx-dropped Includes the tx-dropped column, which displays the total bytes dropped
tx-packets Includes the tx-packets column, which displays the number of packets transmitted
tx-throughput Includes the tx-throughput column, which displays neighbors transmitted throughput

customize show-wireless-meshpoint-neighbor-stats-rf (ap-hostname <1-64>,


average-retry-number,error-rate,neighbor-hostname <1-64>,neighbor-ifid,noise,q-index,
rx-rate,signal,snr,t-index,tx-rate)

show-wireless- Customizes the show wireless meshpoint neighbor statistics RF command output
meshpoint-neighbor-
stats-rf
ap-name <1-64> Includes the ap-name column, which displays name of the AP reporting a neighbor
<1-64> Sets the ap-name column width from 1 - 64 characters
average-retry-number Includes the average-retry-number column, which displays the average number of retransmissions
made per packet.
4 - 36 WiNG 5.4 FIPS Access Point CLI Reference Guide

error-rate Includes the error-rate column


neighbor-hostname Includes the neighbor-hostname, which displays reported neighbors hostname
<1-64> <1-64> Sets the neighbor-hostname column width from 1 - 64 characters
noise Includes the noise column, which displays the noise level in dBm
q-index Includes the q-index column, which displays the q-index
rx-rate Includes the rx-rate column, which displays rate of receiving
signal Includes the signal column, which displays the signal strength in dBM
snr Includes the snr column, which displays the signal-to-noise ratio
t-index Includes the t-index column, which displays t-index
tx-rate Includes the tx-rate column, which displays rate of transmission

customize show-wireless-radio (adopt-to,ap-name <1-64>,channel,location <1-64>,


num-clients,power,radio-alias <3-67>,radio-id,radio-mac,rf-mode,state)

show-wireless-radio Customizes the columns displayed for the show wireless radio command.
adopt-to Includes the adopt-to column in the show wireless radio command. The adopt-to column displays
information about the wireless controller adopting this AP.
ap-name <1-64> Includes the ap-name column in the show wireless radio command. The ap-name column displays
information about the AP this radio belongs.
<1-64> Specify the ap-name column width from 1 - 64 characters.
channel Includes the channel column in the show wireless radio command. The channel column displays
information about the configured and current channel of operation for this radio.
location <1-64> Includes the location column in the show wireless radio command. The location column displays
the location of the AP this radio belongs.
<1-64> Specify the location column width from 1 - 64 characters.
num-clients Includes the num-clients column in the show wireless radio command. The num-clients column
displays the number of clients associated with this radio.
power Includes the power column in the show wireless radio command. The power column displays the
radios configured and current transmit power.
radio-alias <3-67> Includes the radio-alias column in the show wireless radio command. The radio-alias column
displays the radio alias along with the AP's hostname and the radio interface number in the
HOSTNAME:RX formate.
<3-67> Specify the radio-alias column width from 3 - 67 characters.
radio-id Includes the radio-id column in the show wireless radio command. The radio-id column displays
the Radio ID along with the APs MAC address and the radio interface number in the
AA-BB-CC-DD-EE-FF:RX format.
radio-mac Includes the radio-mac column in the show wireless radio command. The radio-mac column
displays the radios base MAC address.
GLOBAL CONFIGURATION COMMANDS 4 - 37

rf-mode Includes the rf-mode column in the show wireless radio command. The rf-mode column displays
the radios operating mode. The radio mode can be 2.4GHz, 5GHz, or sensor.
state Includes the state column in the show wireless radio command. The state column displays the
radios current operational state.
customize show-wireless-radio-stats (radio-alias <3-67>,radio-id,radio-mac,
rx-bytes,rx-errors,rx-packets,rx-throughput,tx-bytes,tx-dropped,tx-packets,
tx-throughput)

show-wireless-radio- Customizes the columns displayed for the show wireless radio statistics command.
stats
radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics command. The radio-alias
column displays the radio alias along with the AP's hostname and the radio interface number in
the HOSTNAME:RX format.
<3-67> Specify the radio-alias column width from 3 - 67 characters.
radio-id Includes the radio-id column in the show wireless radio statistics command. The radio-id column
displays the Radio ID along with the APs MAC address and the radio interface number in the
AA-BB-CC-DD-EE-FF:RX format.
radio-mac Includes the radio-mac column in the show wireless radio statistics command. The radio-mac
column displays the radios base MAC address.
rx-bytes Includes the rx-bytes column in the show wireless radio statistics command. The rx-bytes column
displays the total number of bytes received by the wireless radio.
rx-errors Includes the rx-error column in the show wireless radio statistics command. The rx-error column
displays the total number of receive errors received by the wireless radio.
rx-packets Includes the rx-packets column in the show wireless radio statistics command. The rx-packets
column displays the total number of packets received by the wireless radio.
rx-throughput Includes the rx-throughput column in the show wireless radio statistics command. The
rx-throughput column displays the receive throughput at the wireless radio.
tx-bytes Includes the tx-bytes column in the show wireless radio statistics command. The tx-bytes column
displays the total number of bytes transmitted by the wireless radio.
tx-dropped Includes the tx-dropped column in the show wireless radio statistics command. The tx-dropped
column displays the total number of dropped packets by the wireless radio.
tx-packets Includes the tx-packets column in the show wireless radio statistics command. The tx-packets
column displays the total number of packets transmitted by the wireless radio.
tx-throughput Includes the tx-throughput column in the show wireless radio statistics command. The
tx-throughput column displays the transmission throughput at the wireless radio.

customize show-wireless-radio-stats-rf (average-retry-number,error-rate,noise,


q-index,radio-alias <3-67>,radio-id,radio-mac,rx-rate,signal,snr,t-index,tx-rate)

show-wireless-radio- Customizes the columns displayed for the show wireless radio stats RF command
stats-rf
average-retry-number Includes the average-retry-number column in the show wireless radio statistics RF command.
The average-retry-number column displays the average number of retransmissions per packet.
4 - 38 WiNG 5.4 FIPS Access Point CLI Reference Guide

error-rate Includes the error-rate column in the show wireless radio statistics RF command. The error-rate
column displays the error rate information for the wireless radio.
noise Includes the noise column in the show wireless radio statistics RF command. The mac column
displays the noise as detected by the wireless radio.
q-index Includes the q-index column in the show wireless client statistics RF command. The q-index
column displays the RF quality index, where a higher value indicates better RF quality.
radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics RF command. The
radio-alias column displays the radio alias along with AP's hostname and the radio interface
number in the HOSTNAME:RX format.
<3-67> Specify the radio-alias width column from 3 - 67 characters.
radio-id Includes the radio-id column in the show wireless radio statistics rf command. The radio-id
column displays the Radio ID along with the APs MAC address and the radio interface number
in the AA-BB-CC-DD-EE-FF:RX format.
radio-mac Includes the radio-mac column in the show wireless radio statistics RF command. The radio-mac
column displays the radios base MAC address.
rx-rate Includes the rx-rate column in the show wireless radio statistics RF command. The rx-rate column
displays the receive rate at the particular wireless radio.
signal Includes the signal column in the show wireless radio statistics RF command. The signal column
displays the signal strength at the particular wireless radio.
snr Includes the snr column in the show wireless radio statistics RF command. The snr column
displays the signal-to-noise ratio at the particular wireless radio.
t-index Includes the t-index column in the show wireless radio statistics RF command. The t-index
column displays the traffic utilization index at the wireless controller.
tx-rate Includes the tx-rate column in the show wireless radio statistics RF command. The tx-rate column
displays the packet transmission rate at the particular wireless radio.
Examples
[G]ap7131-4AA708(config)#customize show-wireless-client ap-name auth

[G]ap7131-4AA708(config)#commit

[G]ap7131-4AA708(config)#show wireless client


-----------------------
AP-NAME AUTH
-----------------------
-----------------------
Total number of wireless clients displayed: 0
[G]ap7131-4AA708(config)#
Related Commands

no Restores custom CLI settings to default


wireless Displays wireless configuration and other information
GLOBAL CONFIGURATION COMMANDS 4 - 39

4.1.9 device
Global Configuration Commands
Enables simultaneous configuration of multiple devices
Supported in the following platforms:
Access Points AP71XX
Syntax
device {containing|filter}

device containing <STRING> {filter type ap71xx}

device filter type ap71xx


Parameters
device containing <STRING> {filter type ap71xx}

device Configures a basic device profile


containing <STRING> Configures the search string to search for in the devices hostname. Only those devices that have
the search string in their hostname can be configured.
<STRING> Specify the string to search for in the hostname of the devices
filter type Optional. Filters out a specific device type
ap71xx Optional. Filters out devices other than AP71XXs

device filter type ap71xx

device Configures a basic device profile


filter-type Filters out a specific device type
ap71xx Filters out devices other than AP71XXs
Examples
[G]ap7131-4AA708(config)#device filter type ap71xx
[G]ap7131-4AA708(config-device-{'type': 'ap71xx'})#
Related Commands

no Removes multiple devices from the network


4 - 40 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.10 device-categorization
Global Configuration Commands
Categorizes devices as sanctioned or neighboring. Categorization of devices enables quick identification and blocking of rogue/
unsanctioned devices in the wireless controller managed network. Table 4.4 lists the command to enter the device
categorization configuration mode.
Table 4.4 Device-Categorization Config Command

Command Description Reference


device-categorization Creates a device categorization list and enters its configuration mode page 4-41
device-categorization- Summarizes device categorization list configuration mode commands page 4-42
mode commands
GLOBAL CONFIGURATION COMMANDS 4 - 41

4.1.10.1 device-categorization
device-categorization
Configures a device categorization list. This list categorizes devices as sanctioned or neighboring. This information determines
which devices are allowed access to the wireless controller managed network and which are rogue devices.
If a device categorization list does not exist, it is created.
Supported in the following platforms:
Access Points AP71XX
Syntax
device-categorization <DEVICE-CATEGORIZATION-LIST-NAME>
Parameters
device-categorization <DEVICE-CATEGORIZATION-LIST-NAME>

<DEVICE- Specify the device categorization list name. If a list with the same name does not exist, it is
CATEGORIZATION-LIST- created.
NAME>
Examples
[G]ap7131-4AA708(config)#device-categorization ap71xx
[G]ap7131-4AA708(config-device-categorization-ap71xx)#?
Device Category Mode commands:
mark-device Mark a device
no Negate a command or set its defaults

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-device-categorization-ap71xx)#
Related Commands

no Removes an existing device categorization list


4 - 42 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.10.2 device-categorization-mode commands


device-categorization
Table 4.5 summarizes device categorization configuration commands.
Table 4.5 Device-Categorization-Mode Commands

Command Description Reference


mark-device Adds a device to the device categorization list page 4-43
no Removes a device from the device categorization list page 4-44
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4 - 43

4.1.10.2.1 mark-device
device-categorization-mode commands
Adds a device to the device categorization list as sanctioned or neighboring. Devices are further classified as AP or client.
Supported in the following platforms:
Access Points AP71XX
Syntax
mark-device <1-1000> [sanctioned|neighboring] [ap|client]
mark-device <1-1000> [sanctioned|neighboring] ap {mac <MAC>|ssid <SSID> {mac <MAC>}}
mark-device <1-1000> [sanctioned|neighboring] client {mac <MAC>}
Parameters
mark-device <1-1000> [sanctioned|neighboring] ap {mac <MAC>|ssid <SSID> {mac <MAC>}}

<1-1000> Configures the device categorization entry index number


sanctioned Marks a device as sanctioned. A sanctioned device is authorized to use network resources by
providing correct credentials.
neighboring Marks a device as neighboring. A neighboring device is a neighbor in the same network as this
device.
ap Marks a specified AP as sanctioned or neighboring based on its MAC address or SSID
{mac <MAC>| mac <MAC> Optional. Specify the APs MAC address
ssid <SSID>}
ssid <SSID> Optional. Specify the APs SSID. After specifying the SSID, you can optionally
specify its MAC SSID.
Note: All APs are marked if no specific MAC address or SSID is provided.
mark-device [sanctioned|neighboring] client {mac <MAC>}

<1-1000> Configures the device categorization entry index number


sanctioned Marks the wireless client as sanctioned. A sanctioned device is authorized to use network
resources by providing correct credentials.
neighboring Marks the wireless client as neighboring. A neighboring device is a neighbor in the same network
as this device.
client {mac <MAC>} Marks a specified wireless client as sanctioned or neighboring based on its MAC address
mac <MAC> Optional. Specify the wireless clients MAC address
Examples
[G]ap7131-4AA708(config-device-categorization-ap71xx)#mark-device 1 sanctioned ap
mac 11-22-33-44-55-66

[G]ap7131-4AA708(config-device-categorization-ap71xx)#show context
device-categorization ap71xx
mark-device 1 sanctioned ap mac 11-22-33-44-55-66
[G]ap7131-4AA708(config-device-categorization-ap71xx)#
Related Commands

no Removes a device marking entry from the device categorization list


4 - 44 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.10.2.2 no
device-categorization-mode commands
Removes a device from the device categorization list
Supported in the following platforms:
Access Points AP71XX
Syntax
no mark-device <1-1000> [neighboring|sanctioned] [ap|client]
no mark-device <1-1000> [sanctioned|neighboring] client {mac <MAC>}
no mark-device <1-1000> [sanctioned|neighboring] ap {mac <MAC>|ssid <SSID> {mac <MAC>}}
Parameters
no mark-device <1-1000> [sanctioned|neighboring] ap {mac <MAC>|ssid <SSID> {mac <MAC>}}

no mark-device Removes a device from the marked devices list


<1-1000> Specify the mark device entry index.
sanctioned Removes a device marked as sanctioned
neighboring Removes a device marked as neighboring
ap Removes a AP marked as sanctioned or neighboring based on its MAC address or SSID
{mac <MAC>| mac <MAC> Optional. Specify the APs MAC address
ssid <SSID>}
ssid <SSID> Optional. Specify the APs SSID. After specifying the SSID, you can optionally
specify its MAC SSID.
no mark-device <1-1000> [sanctioned|neighboring] client {mac <MAC>}

no mark-device Removes a device from the marked devices list


<1-1000> Specify the mark device entry index.
sanctioned Removes a wireless client as sanctioned
neighboring Removes a wireless client marked as neighboring
client Removes a wireless client marked as sanctioned or neighboring based on its MAC address
{mac <MAC>} mac <MAC> Optional. Specify the wireless clients MAC address.
Examples
[G]ap7131-4AA708(config-device-categorization-ap71xx)#show context
device-categorization ap71xx
mark-device 1 sanctioned ap mac 11-22-33-44-55-66
[G]ap7131-4AA708(config-device-categorization-ap71xx)#
[G]ap7131-4AA708(config-device-categorization-ap71xx)#no mark-device 1 sanctioned ap
mac 11-22-33-44-55-66
[G]ap7131-4AA708(config-device-categorization-ap71xx)#show context
device-categorization ap71xx
[G]ap7131-4AA708(config-device-categorization-ap71xx)#
Related Commands

mark-device Adds a device to a list of sanctioned or neighboring devices


GLOBAL CONFIGURATION COMMANDS 4 - 45

4.1.11 dhcp-server-policy
Global Configuration Commands
Configures DHCP server policy parameters, such as class, address range, and options. A new policy is created if it does not
exist.
Supported in the following platforms:
Access Points AP71XX
Syntax
dhcp-server-policy <DHCP-POLICY-NAME>
Parameters
dhcp-server-policy <DHCP-POLICY-NAME>

<DHCP-POLICY-NAME> Specify the DHCP policy name. If the policy does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#dhcp-server-policy default
[G]ap7131-4AA708(config-dhcp-policy-default)#?
DHCP policy Mode commands:
bootp BOOTP specific configuration
dhcp-class Configure DHCP class (for address allocation using DHCP
user-class options)
dhcp-pool Configure DHCP server address pool
no Negate a command or set its defaults
option Define DHCP server option
ping Specify ping parameters used by DHCP Server

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-dhcp-policy-default)#
Related Commands

no Removes an existing DHCP server policy

NOTE: For more information on DHCP policy, see Chapter 12, DHCP-SERVER-POLICY.
4 - 46 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.12 dns-whitelist
Global Configuration Commands
Configures a whitelist of devices permitted to access the wireless controller managed network or a hotspot. Table 4.6 lists DNS
Whitelist configuration mode commands.
Table 4.6 DNS-Whitelist Config Command

Command Description Reference


dns-whitelist Creates a DNS whitelist and enters its configuration mode page 4-47
dns-whitelist-mode Summarizes DNS whitelist configuration mode commands page 4-48
commands
GLOBAL CONFIGURATION COMMANDS 4 - 47

4.1.12.1 dns-whitelist
dns-whitelist
Configures a DNS whitelist. A DNS whitelist is a list of domains allowed access to the wireless controller managed network.
Supported in the following platforms:
Access Points AP71XX
Syntax
dns-whitelist <DNS-WHITELIST-NAME>
Parameters
dns-whitelist <DNS-WHITELIST-NAME>

<DNS-WHITELIST- Specify the DNS whitelist name. If the whitelist does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#dns-whitelist test
[G]ap7131-4AA708(config-dns-whitelist-test)#?
DNS Whitelist Mode commands:
no Negate a command or set its defaults
permit Match a host
clrscr Clears the display screen
commit Commit all changes made in this session
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-dns-whitelist-test)#
Related Commands

no Removes a DNS Whitelist


4 - 48 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.12.2 dns-whitelist-mode commands


dns-whitelist
Table 4.7 summarizes DNS white list configuration mode commands.
Table 4.7 DNS-Whitelist-Mode Commands

Command Description Reference


permit Permits a host, existing on a DNS whitelist, access to the wireless controller managed page 4-49
network or captive portal
no Negates a command or sets its default values page 4-50
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-8
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4 - 49

4.1.12.2.3 permit
dns-whitelist-mode commands
A whitelist is a list of host names and IP addresses permitted access to the wireless controller managed network or captive
portal. This command adds a device by its hostname or IP address to the DNS whitelist.
Supported in the following platforms:
Access Points AP71XX
Syntax
permit <IP/HOSTNAME> {suffix}
Parameters
permit <IP/HOSTNAME> {suffix}

<IP/HOSTNAME> Adds a device to the DNS whitelist


<IP/HOSTNAME> Specify the devices IP address or hostname.
suffix Optional. Matches any hostname including the specified name as suffix
Examples
[G]ap7131-4AA708(config-dns-whitelist-test)#permit motorolasolutions.com suffix

[G]ap7131-4AA708(config-dns-whitelist-test)#show context
dns-whitelist test
permit motorosolutions.com suffix
[G]ap7131-4AA708(config-dns-whitelist-test)#
Related Commands

no Resets or disables DNS whitelist commands


4 - 50 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.12.2.4 no
dns-whitelist-mode commands
Removes a specified host or IP address from the DNS whitelist, and prevents it from accessing network resources
Supported in the following platforms:
Access Points AP71XX
Syntax
no permit <IP/HOSTNAME>
Parameters
no permit <IP/HOSTNAME>

<IP/HOSTNAME> Removes a device from the DNS whitelist (identifies the device by its IP address or hostname)
<IP/HOSTNAME> Specify the devices IP address or hostname
Examples
[G]ap7131-4AA708(config-dns-whitelist-test)#show context
dns-whitelist test
permit motorolasolutions.com suffix
[G]ap7131-4AA708(config-dns-whitelist-test)#

[G]ap7131-4AA708(config-dns-whitelist-test)#no permit motorolasolutions.com

[G]ap7131-4AA708(config-dns-whitelist-test)#show context
dns-whitelist test1
[G]ap7131-4AA708(config-dns-whitelist-test)#
Related Commands

permit Adds a device to the DNS whitelist


GLOBAL CONFIGURATION COMMANDS 4 - 51

4.1.13 end
Global Configuration Commands
Ends and exits the current mode and moves to the PRIV EXEC mode
The prompt changes to the PRIV EXEC mode.
Supported in the following platforms:
Access Points AP71XX
Syntax
end
Parameters
None
Examples
[G]ap7131-4AA708(config)#end
[G]ap7131-4AA708#
4 - 52 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.14 event-system-policy
Global Configuration Commands
Configures how events are supported by the wireless controller. Each event can be configured individually to perform an action
such as sending an e-mail or forwarding a notification to its parent wireless controller etc. Table 4.8 lists event system
configuration mode commands.
Table 4.8 Event-System-Policy Config Command

Command Description Reference


event-system-policy Creates an event system policy and enters its configuration mode page 4-53
event-system-policy- Summarizes event system policy configuration mode commands page 4-54
mode commands
GLOBAL CONFIGURATION COMMANDS 4 - 53

4.1.14.1 event-system-policy
event-system-policy
Configures a system wide events handling policy
Supported in the following platforms:
Access Points AP71XX
Syntax
event-system-policy <EVENT-SYSTEM-POLICY-NAME>
Parameters
event-system-policy <EVENT-SYSTEM-POLICY-NAME>

<EVENT-SYSTEM- Specify the event system policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#event-system-policy event-testpolicy
[G]ap7131-4AA708(config-event-system-policy-event-testpolicy)#?
Event System Policy Mode commands:
event Configure an event
no Negate a command or set its defaults
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-event-system-policy-event-testpolicy)#
Related Commands

no Removes an event system policy


4 - 54 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.14.2 event-system-policy-mode commands


event-system-policy
Table 4.9 summarizes event system policy configuration mode commands.
Table 4.9 Event-System-Policy Mode Commands

Command Description Reference


event Configures an event page 4-55
no Negates a command or sets its default values page 4-64
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4 - 55

4.1.14.2.1 event
event-system-policy-mode commands
Configures an event and sets the action performed when the event happens
Supported in the following platforms:
Access Points AP71XX
Syntax
event <EVENT-TYPE> <EVENT-NAME> (email,forward-to-switch,snmp,syslog) [default|on|off]
The even types are:

[G]ap7131-4AA708(config-event-system-policy-testpolicy)#event ?
aaa AAA/Radius module
ap Access Point module
captive-portal Captive Portal
certmgr Certificate Manager
cfgd Cfgd module
cluster Cluster module
crm Critical Resource Monitoring
dhcpsvr DHCP Configuration Daemon
diag Diag module
dot11 802.11 management module
dot1x 802.1X Authentication
fwu Fwu module
isdn Isdn module
licmgr License module
mesh Mesh module
nsm Network Services Module
pm Process-monitor module
radconf Radius Configuration Daemon
radio Radio module
securitymgr Securitymgr module
smrt Smart-rf module
smtpnot Smtpnot module
system System module
test Test module
vrrp Virtual Router Redundancy Protocol
wips Wireless IPS module

[G]ap7131-4AA708(config-event-system-policy-testpolicy)#

NOTE: The parameter values for <EVENT-TYPE> and <EVENT-NAME> are summarized in
the table under the Parameters section.
4 - 56 WiNG 5.4 FIPS Access Point CLI Reference Guide

Parameters
event <EVENT-TYPE> <EVENT> (email,forward-to-switch,snmp,syslog) [default|on|off]

<event-type> <event-name>
aaa Configures authentication, authorization, and accounting related event messages
radius-discon-msg RADIUS disconnection message
radius-session-expired RADIUS session expired message
radius-session-not-started RADIUS session not started message
radius-vlan-update RADIUS VLAN update message
ap Configures AP event messages
adopted Event AP adopted message
adopted-to-controller Event AP adopted to wireless controller message
ap-adopted Event access port adopted message
ap-autoup-done Event AP autoup done message
ap-autoup-fail Event AP autoup fail message
ap-autoup-needed Event AP autoup needed message
ap-autoup-no-need Event AP autoup not needed message
ap-autoup-reboot Event AP autoup reboot message
ap-autoup-timeout Event AP autoup timeout message
ap-autoup-ver Event AP autoup version message
ap-reset-detected Event access port reset detected message
ap-reset-request Event access port user requested reset message
ap-timeout Event access port timed out message
ap-unadopted Event access port unadopted message
image-parse-failure Event image parse failure message
legacy-auto-update Event legacy auto update message
no-image-file Event no image file message
reset Event reset message
sw-conn-lost Event software connection lost message
unadopted Event unadopted message
GLOBAL CONFIGURATION COMMANDS 4 - 57

<event-type> <event-name>
captive-portal Configures captive portal (hotspot) related event messages
allow-access Event client allowed access message
auth-failed Event authentication failed message
auth-success Event authentication success message
client-disconnect Event client disconnected message
client-removed Event client removed message
data-limit-exceed Event client exceeds specified data limit message
flex-log-access Event flexible log access granted to client message
inactivity-timeout Event client time-out due to inactivity message
page-cre-failed Event page creation failure message
purge-client Event client purged message
session-timeout Event session timeout message
certmgr Configures certificate manager related event messages
ca-cert-actions-failure Event CA certificate actions failure message
ca-cert-actions-success Event CA certificate actions success message
ca-key-actions-failure Event CA key actions failure message
ca-key-actions-success Event CA key actions success message
cert-expiry Event certificate expiry message
crl-actions-failure Event Certificate Revocation List (CRL) actions failure message
crl-actions-success Event CRL actions success message
csr-export-failure Event CSR export failure message
csr-export-success Event CSR export success message
delete-trustpoint-action Event delete trustpoint action message
export-trustpoint Event export trustpoint message
import-trustpoint Event import trustpoint message
rsa-key-actions-failure Event RSA key actions failure message
rsa-key-actions-success Event RSA key actions success message
svr-cert-actions-success Event server certificate actions success message
svr-cert-actions-failure Event server certificate actions failure message
cfgd Configures configuration daemon module related event messages
acl-attached-altered Event Access List (ACL) attached altered message
acl-rule-altered Event ACL rule altered message
cluster Configures cluster module related messages
cmaster-cfg-update-fail Event cluster master config update failed message
max-exceeded Event maximum cluster count exceeded message
crm Configures Critical Resource Monitoring (CRM) related event messages
critical-resource-down Event Critical Resource Down message
critical-resource-up Event Critical Resource Up message
4 - 58 WiNG 5.4 FIPS Access Point CLI Reference Guide

<event-type> <event-name>
dhcpsvr Configures DHCP server related event messages
dhcp-start Event DHCP server started message
dhcpsvr-stop Event DHCP sever stopped message
relay-iface-no-ip Event no IP address on DHCP relay interface message
relay-no-iface Event no interface for DHCP relay message
relay-start Event relay agent started
relay-stop Event DHCP relay agent stopped
diag Configures diagnostics module related event messages
autogen-tech-sprt Event autogen technical support message
buf-usage Event buffer usage message
cpu-load Event CPU load message
disk-usage Event disk usage message
elapsed-time Event elapsed time message
fan-underspeed Event fan underspeed message
fd-count Event forward count message
free-flash-disk Event free flash disk message
free-flash-inodes Event free flash inodes message
free-nvram-disk Event free nvram disk message
free-nvram-inodes Event free nvram inodes message
free-ram Event free ram message
free-ram-disk Event free ram disk message
free-ram-inodes Event free ram inodes message
head-cache-usage Event head cache usage message
high-temp Event high temp message
ip-dest-usage Event ip destination usage message
led-identify Event led identify message
low-temp Event low temp message
new-led-state Event new led state message
over-temp Event over temp message
over-voltage Event over voltage message
poe-init-fail Event PoE init fail message
poe-power-level Event PoE power level message
poe-read-fail Event PoE read fail message
poe-state-change Event PoE state change message
ram-usage Event ram usage message
under-voltage Event under voltage message
wd-reset-sys Event wd reset system message
wd-state-change Event wd state change message
GLOBAL CONFIGURATION COMMANDS 4 - 59

<event-type> <event-name>
dot11 Configures 802.11 management module related event messages
client-associated Wireless client associated event message
client-denied-assoc Event client denied association message
client-disassociated Wireless client disassociated message
country-code Event country code message
country-code-error Event country code error message
eap-cached-keys Event EAP cached keys message
eap-client-timeout Event EAP client timeout message
eap-failed Event EAP failed message
eap-opp-cached-keys Event EAP opp cached keys message
eap-preauth-client-timeout Event EAP pre authentication client timeout message
eap-preauth-failed Event EAP pre authentication failed message
eap-preauth-server-timeout Event EAP pre authentication server timeout message
eap-preauth-success Event EAP pre authentication success message
eap-server-timeout Event EAP server timeout message
eap-success Event EAP success message
move-operation-success Event move operation success message
neighbor-denied-assoc Event neighbor denied association message
unsanctioned-ap-active Event unsanctioned AP active message
unsanctioned-ap-inactive Event unsanctioned AP inactive message
unsanctioned-ap-status-change Event unsanctioned AP status change
voice-call-completed Event voice call completed message
voice-call-failed Event voice call failed message
wlan-time-access-disable Event WLAN disabled by time-based-access message
wlan-time-access-enable Event WLAN re-enabled by time-based-access message
wpa-wpa2-failed Event WPA-WPA2 failed message
wpa-wpa2-key-rotn Event WPA-WPA2 key rotn message
wpa-wpa2-success Event WPA-WPA2 success message
dot1x Configures 802.1X authentication related event messages
dot1x-failed Event EAP authentication failure message
dot1x-success Event dot1x-success message
4 - 60 WiNG 5.4 FIPS Access Point CLI Reference Guide

<event-type> <event-name>
fwu Configures firmware update related event messages
fwuaborted Event fwu aborted message
fwubadconfig Event fwu bad config message
fwucorruptedfile Event fwu corrupted file message
fwucouldntgetfile Event fwu could not get file message
fwudone Event fwu done message
fwufileundef Event fwu file undefined message
fwunoneed Event fwu no need message
fwuprodmismatch Event fwu prod mismatch message
fwuserverundef Event fwu server undefined message
fwuserverunreachable Event fwu server unreachable message
fwusignmismatch Event fwu signature mismatch message
fwusyserr Event fwu system error message
fwuunsupportedhw Event fwu unsupported hardware message
fwuvermismatch Event fwu version mismatch message
isdn Configures file Integrated Service Digital Network (ISDN) module related event messages
isdn-alert Event ISDN alert message
isdn-crit Event ISDN crit message
isdn-debug Event ISDN debug message
isdn-emerg Event ISDN emergency message
isdn-err Event ISDN error message
isdn-info Event ISDN info message
isdn-notice Event ISDN notice message
isdn-warning Event ISDN warning message
licmgr Configures license manager module related event messages
lic-installed-count Event total number of license installed count message
lic-installed-default Event default license installation message
lic-installed Event license installed message
lic-invalid Event license installation failed message
lic-removed Event license removed message
mesh Configures mesh module related event messages
mesh-link-down Event mesh link down message
mesh-link-up Event mesh link up message
meshpoint-down Event meshpoint down message
meshpoint-loop-prevent-off Event meshpoint loop prevent off message
meshpoint-loop-prevent-on Event meshpoint loop prevent on message
meshpoint-up Event meshpoint up message
GLOBAL CONFIGURATION COMMANDS 4 - 61

<event-type> <event-name>
nsm Configures Network Service Module (NSM) related event message
dhcpc-err Event DHCP certification error message
dhcpdefrt Event DHCP defrt message
dhcpip Event DHCP IP message
dhcpipchg Event DHCP IP change message
dhcpipnoadd Event DHCP IP overlaps static IP address message
dhcplsexp Event DHCP lease expiry message
dhcpnak Event DHCP server returned DHCP NAK response
dhcpnodefrt Event interface no default route message
if-failback Event interface failback message
if-failover EVENT Interface failover message
ifdown Event interface down message
ifipcfg Event interface IP config message
ifup Event interface up message
nsm-ntp Event translate host name message
pm Configures process monitor module related event messages
procid Event proc ID message
procmaxrstrt Event proc max restart message
procnoresp Event proc no response message
procrstrt Event proc restart message
procstart Event proc start message
procstop Event proc stop message
procsysrstrt Event proc system restart message
startupcomplete Event startup complete message
radconf Configures RADIUS configuration daemon related event messages
could-not-stop-radius Event could not stop RADIUS server message
radiusdstart Event RADIUS server started message
radiusdstop Event RADIUS server stopped message
radio Configures radio module related event messages
acs-scan-complete Event ACS scan completed
acs-scan-started Event ACS scan started
channel-country-mismatch Event channel and country of operation mismatch message
radar-detected Event radar detected message
radar-scan-completed Event radar scan completed message
radar-scan-started Event radar scan started message
radio-antenna-error Event invalid antenna type on this radio message
radio-antenna-setting Event antenna type setting on this radio message
radio-state-change Event radio state change message
resume-home-channel Event resume home channel message
4 - 62 WiNG 5.4 FIPS Access Point CLI Reference Guide

<event-type> <event-name>
securitymgr Configures the security manager module related event messages
deprecatedcli Event deprecated CLI message
fatal-hit Event fatal hit message
log-cli-error Event log CLI error message
userpassstrength Event user pass strength message
smrt Configures SMART RF module related event messages
calibration-done Event calibration done message
calibration-started Event calibration started message
config-cleared Configuration cleared event message
cov-hole-recovery Event coverage hole recovery message
cov-hole-recovery-done Event coverage hole recovery done message
interference-recovery Event interference recovery message
neighbor-recovery Event neighbor recovery message
power-adjustment Event power adjustment message
root-recovery Event meshpoint root recovery message
smtpnot Configures SMTP module related event messages
cfg Event cfg message
cfginc Event cfg inc message
net Event net message
proto Event proto message
smtpauth Event SMTP authentication message
smtperr Event SMTP error message
smtpinfo Event SMTP information message
system Configures system module related event messages
clock-reset Event clock reset message
guest-user-exp Guest user purging
login Event successful login message
login-fail Event login fail message. Occurs when user authentication fails.
login-fail-access Event login fail access message.Occurs in case of access violation.
login-fail-bad-role Event login fail bad role message. Occurs when user uses an invalid role
to logon.
logout Event logout message
panic Event panic message
procstop Event proc stop message
server-unreachable Event server-unreachable message
system-autoup-disable Event system autoup disable message
system-autoup-enable Event system autoup enable message
ui-user-auth-fail Event user authentication fail message
ui-user-auth-success Event user authentication success message
GLOBAL CONFIGURATION COMMANDS 4 - 63

<event-type> <event-name>
test Configures the test module related event messages
testalert Event test alert message
testargs Event test arguments message
testcrit Event test critical message
testdebug Event test debug message
testemerg Event test emergency message
testerr Event test error message
testinfo Event test information message
testnotice Event test notice message
testwarn Event test warning message
vrrp Configures Virtual Router Redundancy Protocol (VRRP) related event messages
vrrp-monitor-change Event VRRP monitor link state change message
vrrp-state-change Event VRRP state transition message
vrrp-vip-subnet-mismatch Event VRRP IP not overlapping with interface addresses message
wips Configures the Wireless IPS module related event messages
wips-client-blacklisted Event WIPS client blacklisted message
wips-client-rem-blacklist Event WIPS client rem blacklist message
wips-event Event WIPS event triggered message
email Sends e-mail notifications to a pre configured e-mail ID
forward-to-switch Forwards the messages to an external server
snmp Logs an SNMP event
syslog Logs event to syslog
default Performs the default action for the event
off Switches the event off, when the event happens, no action is performed
on Switches the event on, when the event happens, the configured action is taken
Examples
[G]ap7131-4AA708(config-event-system-policy-event-testpolicy)#event aaa radius-discon-
msg email on forward-to-switch default snmp default syslog default
[G]ap7131-4AA708(config-event-system-policy-event-testpolicy)#

[G]ap7131-4AA708(config-event-system-policy-test)#show context
event-system-policy test
event aaa radius-discon-msg email on
[G]ap7131-4AA708(config-event-system-policy-test)#
Related Commands

no Resets or disables events commands


4 - 64 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.14.2.2 no
event-system-policy-mode commands
Negates an event configuration
Supported in the following platforms:
Access Points AP71XX
Syntax
no <EVENT-TYPE> <EVENT-NAME> [email|forward-to-switch|snmp|syslog] [default|on|off]
Parameters
no <EVENT-TYPE> <EVENT-NAME> [email|forward-to-switch|snmp|syslog]
[default|on|off]

no <EVENT-TYPE> Removes specified event monitoring


<EVENT-NAME> <EVENT-TYPE> Select the event type.
<EVENT-NAME> After selecting the event type, specify the event name
Note: The system will stop monitoring the network for occurrence of the specified event and no
notification is sent if the event occurs.

NOTE: For more information on the available event types and corresponding event
names, see event.

Examples
[G]ap7131-4AA708(config-event-system-policy-test)#show context
event-system-policy test
event aaa radius-discon-msg email on
[G]ap7131-4AA708(config-event-system-policy-test)#

[G]ap7131-4AA708(config-event-system-policy-test)#no event aaa radius-discon-msg email

[G]ap7131-4AA708(config-event-system-policy-test)#show context
event-system-policy test
[G]ap7131-4AA708(config-event-system-policy-test)#
Related Commands

event Configures the action taken for each event


GLOBAL CONFIGURATION COMMANDS 4 - 65

4.1.15 firewall-policy
Global Configuration Commands
Configures a firewall policy. This policy defines a set of rules for managing network traffic and prevent unauthorized access to
the network behind the firewall while allowing authorized devices access.
Supported in the following platforms:
Access Points AP71XX
Syntax
firewall-policy <FIREWALL-POLICY-NAME>
Parameters
firewall-policy <FIREWALL-POLICY-NAME>

<FIREWALL-POLICY- Specify the firewall policy name. If a firewall policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#firewall-policy default
[G]ap7131-4AA708(config-fw-policy-default)#?
Firewall policy Mode commands:
alg Enable ALG
clamp Clamp value
dhcp-offer-convert Enable conversion of broadcast dhcp offers to
unicast
dns-snoop DNS Snooping
firewall Wireless firewall
flow Firewall flow
ip Internet Protocol (IP)
ip-mac Action based on ip-mac table
logging Firewall enhanced logging
no Negate a command or set its defaults
proxy-arp Enable generation of ARP responses on behalf
of another device
stateful-packet-inspection-l2 Enable stateful packet inspection in layer2
firewall
storm-control Storm-control
virtual-defragmentation Enable virtual defragmentation for IPv4
packets (recommended for proper functioning
of firewall)

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or
terminal

[G]ap7131-4AA708(config-fw-policy-default)#
Related Commands

no Removes an existing firewall policy


4 - 66 WiNG 5.4 FIPS Access Point CLI Reference Guide

NOTE: For more information on Firewall policy, see Chapter 13, FIREWALL-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 67

4.1.16 host
Global Configuration Commands
Enters the configuration context of a remote device using its hostname
Supported in the following platforms:
Access Points AP71XX
Syntax
host <DEVICE-NAME>
Parameters
host <DEVICE-NAME>

<DEVICE-NAME> Specify the devices hostname. All discovered devices are displayed when Tab is pressed to auto
complete this command.
Examples
[G]ap7131-139B34(config)#host ap7131-139B34
[G]ap7131-139B34(config-device-00-23-68-13-9B-34)#
4 - 68 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.17 ip
Global Configuration Commands
Configures IP access control lists
Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken
when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is
allowed.
Supported in the following platforms:
Access Points AP71XX
Syntax
ip access-list <IP-ACCESS-LIST-NAME>
Parameters
ip access-list <IP-ACCESS-LIST-NAME>

access-list Configures an IP access list


<IP-ACCESS-LIST- <IP-ACCESS-LIST-NAME> Specify the ACL name. If the access list does not exist, it is
NAME> created.
Examples
[G]ap7131-4AA708(config)#ip access-list test
[G]ap7131-4AA708(config-ip-acl-test)#?
ACL Configuration commands:
deny Specify packets to reject
no Negate a command or set its defaults
permit Specify packets to forward
clrscr Clears the display screen
commit Commit all changes made in this session
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-ip-acl-test)#
Related Commands

no Removes an IP access control list

NOTE: For more information on Access Control Lists, see Chapter 11, ACCESS-LIST.
GLOBAL CONFIGURATION COMMANDS 4 - 69

4.1.18 inline-password-encryption
Global Configuration Commands
Stores encryption key in the startup configuration file
Supported in the following platforms:
Access Points AP71XX
Syntax
inline-password-encryption
Parameters
None
Examples
[G]ap7131-139B34(config)#inline-password-encryption
[G]ap7131-139B34(config)#
4 - 70 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.19 l2tpv3
Global Configuration Commands
Configures a Layer 2 Tunnel Protocol Version 3 (L2TPV3) tunnel policy, used to create one or more L2TPV3 tunnels.
The L2TPV3 policy defines the control and encapsulation protocols needed for tunneling layer 2 frames between two IP nodes.
This policy enables creation of L2TPV3 tunnels for transporting Ethernet frames between bridge VLANs and physical GE ports.
L2TPV3 tunnels can be created between any vendor devices supporting L2TPV3 protocol.
Supported in the following platforms:
Access Points AP71XX
Syntax
l2tpv3 policy <L2TPV3-POLICY-NAME>
Parameters
l2tpv3 policy <L2TPV3-POLICY-NAME>

l2tpv3 policy Configures an L2TPV3 tunnel policy


<L2TPV3-POLICY-NAME> <L2TPV3-POLICY-NAME> Specify a policy name. The policy is created if it does not exist.
To modify an existing L2TPV3, specify its name.
Examples
[G]ap7131-4AA708(config)#l2tpv3 policy default
[G]ap7131-4AA708(config-l2tpv3-policy-default)#?
L2tpv3 Policy Mode commands:
cookie-size Size of the cookie field present in each l2tpv3 data
message
failover-delay Time interval for re-establishing the tunnel after
the failover (RF-Domain
manager/VRRP-master/Cluster-master failover)
force-l2-path-recovery Enables force learning of servers, gateways etc.,
behind the l2tpv3 tunnel when the tunnel is
established
hello-interval Configure the time interval (in seconds) between
l2tpv3 Hello keep-alive messages exchanged in l2tpv3
control connection
no Negate a command or set its defaults
reconnect-attempts Maximum number of attempts to reestablish the
tunnel.
reconnect-interval Time interval between the successive attempts to
reestablish the l2tpv3 tunnel
retry-attempts Configure the maximum number of retransmissions for
signaling message
retry-interval Time interval (in seconds) before the initiating a
retransmission of any l2tpv3 signaling message
rx-window-size Number of signaling messages that can be received
without sending the acknowledgement
tx-window-size Number of signaling messages that can be sent
without receiving the acknowledgement

clrscr Clears the display screen


commit Commit all changes made in this session
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-l2tpv3-policy-default)#
GLOBAL CONFIGURATION COMMANDS 4 - 71

Related Commands

no Removes an existing L2TPV3 tunnel policy


mint-policy Configures the global MiNT policy

NOTE: For more information on the L2TPV3 tunnel configuration mode and commands,
see Chapter 22, L2TPV3-POLICY.
4 - 72 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.20 mac
Global Configuration Commands
Configures MAC access control lists
Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken
when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is
allowed.
Supported in the following platforms:
Access Points AP71XX
Syntax
mac access-list <MAC-ACCESS-LIST-NAME>
Parameters
mac access-list <MAC-ACCESS-LIST-NAME>

access-list Configures a MAC access control list


<IP-ACCESS-LIST- <MAC-ACCESS-LIST-NAME> Specify the ACL name. If the access control list does not exist,
NAME> it is created.
Examples
[G]ap7131-4AA708(config)#mac access-list test
[G]ap7131-4AA708(config-mac-acl-test)#?
MAC Extended ACL Configuration commands:
deny Specify packets to reject
no Negate a command or set its defaults
permit Specify packets to forward
clrscr Clears the display screen
commit Commit all changes made in this session
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-mac-acl-test)#
Related Commands

no Removes a MAC access control list

NOTE: For more information on Access Control Lists, see Chapter 11, ACCESS-LIST.
GLOBAL CONFIGURATION COMMANDS 4 - 73

4.1.21 management-policy
Global Configuration Commands
Configures a management policy. This policy configures parameters, such as services that run on a device, welcome messages,
banners, and others.
Supported in the following platforms:
Access Points AP71XX
Syntax
management-policy <MANAGEMENT-POLICY-NAME>
Parameters
management-policy <MANAGEMENT-POLICY-NAME>

<MANAGEMENT- Specify the management policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#management-policy test
[G]ap7131-4AA708(config-management-policy-test)#?
Management Mode commands:
aaa-login Set authentication for logins
banner Define a login banner
https Secure HTTP
idle-session-timeout Configure idle timeout for a configuration session
(GUI or CLI)
no Negate a command or set its defaults
restrict-access Restrict management access to the device
snmp-server SNMP
ssh Enable ssh
user Add a user account
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-management-policy-test)#
Related Commands

no Removes an existing management policy

NOTE: For more information on the parameters that can be configured in a management
policy, see Chapter 15, MANAGEMENT-POLICY.
4 - 74 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.22 meshpoint
Global Configuration Commands
Creates a new meshpoint and enters its configuration mode. You can use this command to select and configure existing
meshpoints.
Supported in the following platforms:
Access Points AP71XX
Syntax
meshpoint [<MESHPOINT-NAME>|containing <WORD>]
Parameters
meshpoint [<MESHPOINT-NAME>|containing]

<MESHPOINT-NAME> Specify the meshpoint name. If the meshpoint does not exist, it is created.
containing <WORD> Selects existing meshpoints containing the sub-string <WORD> in their names
Examples
[G]ap7131-4AA708(config)#meshpoint TestMeshpoint
[G]ap7131-4AA708(config-meshpoint-TestMeshpoint)#?
Mesh Point Mode commands:
allowed-vlans Set the allowed VLANs
beacon-format The beacon format of this meshpoint
control-vlan VLAN for meshpoint control traffic
data-rates Specify the 802.11 rates to be supported on this meshpoint
description Configure a description of the usage of this meshpoint
meshid Configure the Service Set Identifier for this meshpoint
neighbor Configure neighbor specific parameters
no Negate a command or set its defaults
root Set this meshpoint as root
security-mode The security mode of this meshpoint
shutdown Shutdown this meshpoint
use Set setting to use
wpa2 Modify ccmp wpa2 related parameters

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-meshpoint-TestMeshpoint)#
Related Commands

no Removes an existing meshpoint

NOTE: For more information on Meshpoint configuration parameters, see Chapter 26,
MESHPOINT
GLOBAL CONFIGURATION COMMANDS 4 - 75

4.1.23 meshpoint-qos-policy
Global Configuration Commands
Configures a set of parameters that defines the meshpoint quality of service (QoS) policy
Supported in the following platforms:
Access Points AP71XX
Syntax
meshpoint-qos-policy <MESHPOINT-QOS-POLICY-NAME>
Parameters
meshpoint-qos-policy <MESHPOINT-QOS-POLICY-NAME>

<MESHPOINT-QOS- Specify the meshpoint QoS policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#meshpoint-qos-policy test
[G]ap7131-4AA708(config-meshpoint-qos-test)#?
Mesh Point QoS Mode commands:
accelerated-multicast Configure accelerated multicast streams address and
forwarding QoS classification
no Negate a command or set its defaults
rate-limit Configure traffic rate-limiting parameters on a
per-meshpoint/per-neighbor basis

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-meshpoint-qos-test)#
Related Commands

no Removes an existing meshpoint QoS policy

NOTE: For more information on Meshpoint QoS policy parameters, see Chapter 26,
MESHPOINT
4 - 76 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.24 mint-policy
Global Configuration Commands
Configures the global MiNT policy
Supported in the following platforms:
Access Points AP71XX
Syntax
mint-policy global-default
Parameters
mint-policy global-default

global-default Uses the global default policy


Examples
[G]ap7131-4AA708(config)#mint-policy global-default
[G]ap7131-4AA708(config-mint-policy-global-default)#?
Mint Policy Mode commands:
level Mint routing level
mtu Configure the global Mint MTU
no Negate a command or set its defaults

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-mint-policy-global-default)#
Related Commands

no Removes an existing MiNT policy

NOTE: For more information on Meshpoint configuration parameters, see Chapter 14,
MINT-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 77

4.1.25 nac-list
Global Configuration Commands
The Network Access Control (NAC) policy configures a list of devices that can access a managed network based on their MAC
addresses. Table 4.10 lists NAC list configuration mode commands.
Table 4.10 NAC-List Config Command

Command Description Reference


nac-list Creates a NAC list policy and enters the configuration mode page 4-78
nac-list-mode Summarizes NAC list configuration mode commands page 4-79
commands
4 - 78 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.25.1 nac-list
nac-list
Configures a Network Access Control (NAC) list that controls access to the wireless controller managed network
Supported in the following platforms:
Access Points AP71XX
Syntax
nac-list <NAC-LIST-NAME>
Parameters
nac-list <NAC-LIST-NAME>

<NAC-LIST-NAME> Specify the NAC list name. If the NAC list does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#nac-list test
[G]ap7131-4AA708(config-nac-list-test)#?
NAC List Mode commands:
exclude Specify MAC addresses to be excluded from the NAC enforcement list
include Specify MAC addresses to be included in the NAC enforcement list
no Negate a command or set its defaults

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-nac-list-test)#
Related Commands

no Removes a NAC list


GLOBAL CONFIGURATION COMMANDS 4 - 79

4.1.25.2 nac-list-mode commands


nac-list
Table 4.11 summarizes NAC list configuration mode commands.
Table 4.11 NAC-List-Mode Commands

Command Description Reference


exclude Specifies the MAC addresses excluded from the NAC enforcement list page 4-80
include Specifies the MAC addresses included in the NAC enforcement list page 4-81
no Cancels an exclude or an include NAC list rule page 4-82
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
4 - 80 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.25.2.1 exclude
nac-list-mode commands
Specifies the MAC addresses excluded from the NAC enforcement list
Supported in the following platforms:
Access Points AP71XX
Syntax
exclude <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]
Parameters
exclude <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]

<START-MAC> Specifies a range of MAC addresses or a single MAC address to exclude from the NAC enforcement
list
<START-MAC> Specify the first MAC address in the range.
Note: Use this parameter to specify a single MAC address.
<END-MAC> Specifies the last MAC address in the range (optional if a single MAC is added to the list)
<END-MAC> Specify the last MAC address in the range.
precedence <1-1000> Sets the rule precedence. Exclude entries are checked in the order of their rule precedence.
<1-1000> Specify a value from 1 - 1000.
Examples
[G]ap7131-4AA708(config-nac-list-test)#exclude 00-40-96-B0-BA-2A precedence 1

[G]ap7131-4AA708(config-nac-list-test)#show context
nac-list test
exclude 00-04-96-B0-BA-2A 00-04-66-A0-AB-2C precedence 1
[G]ap7131-4AA708(config-nac-list-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 81

4.1.25.2.2 include
nac-list-mode commands
Specifies the MAC addresses included in the NAC enforcement list
Supported in the following platforms:
Access Points AP71XX
Syntax
include <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]
Parameters
include <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]

<START-MAC> Specifies a range of MAC addresses or a single MAC address to include in the NAC enforcement
list
<START-MAC> Specify the first MAC address in the range.
Note: Use this parameter to specify a single MAC address
<END-MAC> Specifics the last MAC address in the range (optional if a single MAC is added to the list)
<END-MAC> Specify the last MAC address in the range.
precedence <1-1000> Sets the rule precedence. Exclude entries are checked in the order of their rule precedence.
<1-1000> Specify a value from 1 - 1000.
Examples
[G]ap7131-4AA708(config-nac-list-test)#include 00-15-70-38-06-49 precedence 2

[G]ap7131-4AA708(config-nac-list-test)#show context
nac-list test
exclude 00-04-96-B0-BA-2A 00-04-66-A0-AB-2C precedence 1
include 00-15-70-38-06-49 00-16-71-39-07-48 precedence 2
[G]ap7131-4AA708(config-nac-list-test)#
4 - 82 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.25.2.3 no
nac-list-mode commands
Cancels an exclude or an include NAC list rule
Supported in the following platforms:
Access Points AP71XX
Syntax
no [exclude|include]

no [exclude|include] <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]


Parameters
no [exclude|include] <START-MAC> [<END-MAC> precedence <1-1000>|precedence <1-1000>]

no exclude Removes an exclude rule


no include Removes an include rule
<START-MAC> Specifies a range of MACs included in/removed from the NAC enforcement list
Specify the first MAC address in the range.
Use this parameter to specify a single MAC address.
<END-MAC> Specify the last MAC address in the range.(optional if a single MAC is added to the list)
precedence <1-1000> Sets the rule precedence for this rule. Exclude entries are checked in the order of their rule
precedence.
<1-1000> Specify a value from 1 - 1000.
Examples
Following is the NAC list test settings before the no command is executed:

[G]ap7131-4AA708(config-nac-list-test)#show context
nac-list test
exclude 00-04-96-B0-BA-2A 00-04-66-A0-AB-2C precedence 1
include 00-15-70-38-06-49 00-16-71-39-07-48 precedence 2
[G]ap7131-4AA708(config-nac-list-test)#

[G]ap7131-4AA708(config-nac-list-test)#no exclude 00-40-96-B0-BA-2A precedence 1

Following is the NAC list test settings before the no command is executed:

[G]ap7131-4AA708(config-nac-list-test)#show context
nac-list test
include 00-15-70-38-06-49 00-16-71-39-07-48 precedence 2
[G]ap7131-4AA708(config-nac-list-test)#
Related Commands

exclude Specifies MAC addresses excluded from the NAC enforcement list
include Specifies MAC addresses included in the NAC enforcement list
GLOBAL CONFIGURATION COMMANDS 4 - 83

4.1.26 no
Global Configuration Commands
Negates a command, or reverts configured settings to their default values
Supported in the following platforms:
Access Points AP71XX
Syntax
no [aaa-policy|aaa-tacacs-policy|ap71xx|association-acl-policy|
auto-provisioning-policy|captive-portal|customize|device|device-categorization|
dhcp-server-policy|dns-whitelist|event-system-policy|firewall-policy|
igmp-snoop-policy|ip|l2tpv3|mac|management-policy|meshpoint|meshpoint-qos-policy|
nac-list|password-encryption|profile|radio-qos-policy|radius-group|
radius-server-policy|radius-user-pool-policy|rf-domain|role-policy|routing-policy|
smart-rf-policy|wips-policy|wlan|wlan-qos-policy|service]
no [aaa-policy|aaa-tacacs-policy|advanced-wips-policy|auto-provisioning-policy|
captive-portal|device-categorization|dhcp-server-policy|dns-whitelist|
event-system-policy|firewall-policy|ip|l2tpv3|mac|management-policy|meshpoint|
meshpoint-qos-policy|nac-list|radio-qos-policy|radius-group|radius-server-policy|
radius-user-pool-policy|role-policy|ruting-policy|smart-rf-policy|wips-policy|
wlan-qos-policy]

no ap71xx

no device {containing <WORD>} {filter type ap71xx}

no customize [hostname-column-width|show-wireless-client|show-wireless-client-stats|
show-wireless-radio|show-wireless-radio-stats|show-wireless-radio-stats-rf]

no password-encryption secret 2 <OLD-PASSPHRASE>

no profile {ap71xx|containing|filter}

no wlan [<WLAN-NAME>|all|containing <WLAN-NAME-SUBSTRING>]


no service set [command-history|reboot-history|upgrade-history] {on <DEVICE-NAME>}
Parameters
no [aaa-policy|aaa-tacacs-policy|advanced-wips-policy|auto-provisioning-policy|
captive-portal|device-categorization|dhcp-server-policy|dns-whitelist|
event-system-policy|firewall-policy|ip|l2tpv3|mac|management-policy|meshpoint|
meshpoint-qos-policy|nac-list|radio-qos-policy|radius-group|radius-server-policy|
radius-user-pool-policy|role-policy|routing-policy|smart-rf-policy|wips-policy|
wlan-qos-policy]

no aaa-policy Deletes the specified AAA policy


<POLICY-NAME>
no aaa-tacacs-policy Deletes the specified AAA TACACS policy
<POLICY-NAME>
no advanced-wips- Deletes the specified advanced WIPS policy
policy
<POLICY-NAME>
no auto-provisioning- Deletes the specified auto provisioning policy
policy
<POLICY-NAME>
4 - 84 WiNG 5.4 FIPS Access Point CLI Reference Guide

no captive-portal Deletes the specified captive portal


<CAPTIVE-PORTAL-
NAME>
no device-categorization Deletes the specified device categorization list
<DEVICE-
CATEGORIZATION-LIST-
NAME>
no dhcp-server-policy Deletes the specified DHCP server policy
<POLICY-NAME>
no dns-whitelist Deletes the specified DNS Whitelist
<DNS-WHITELIST-
NAME>
no event-system-policy Deletes the specified event system policy
<POLICY-NAME>
no firewall-policy Deletes the specified firewall policy
POLICY-NAME>
no ip access-list Deletes the specified IP access list
<IP-ACCESS-LIST-
NAME>
no l2tpv3 policy Deletes the specified L2TPV3 policy
<L2TPV3-POLICY- Note: Default L2TPV3 policy cannot be deleted.
NAME>
no mac access-list Deletes the specified MAC access list
<MAC-ACCESS-LIST-
NAME>
no management-policy Deletes the specified management policy
<POLICY-NAME>
no meshpoint Deletes the specified meshpoint
<MESHPOINT-NAME>
no meshpoint-qos-policy Deletes the specified meshpoint QoS policy
<POLICY-NAME>
no nac-list Deletes the specified NAC list
<NAC-LIST-NAME>
no radio-qos-policy Deletes the specified radio QoS policy
<POLICY-NAME>
no radius-group Deletes the specified RADIUS group
<RADIUS-GROUP-
NAME>
no radius-server-policy Deletes the specified RADIUS server policy
<POLICY-NAME>
GLOBAL CONFIGURATION COMMANDS 4 - 85

no radius-user-pool- Deletes the specified RADIUS user pool policy


policy <POLICY-NAME>
no rf-domain Deletes the specified RF Domain
<RF-DOMAIN-NAME>
no role-policy Deletes the specified role policy
<POLICY-NAME>
no routing-policy Deletes the specified routing policy
<POLICY-NAME>
no smart-rf-policy Deletes the specified smart RF policy
<POLICY-NAME>
no wips-policy Deletes the specified WIPS policy
<POLICY-NAME>
no wlan-qos-policy Deletes the specified WLAN QoS policy
<policy-name>

no ap71xx <MAC>

no ap71xx Removes a AP71XX from the network


<MAC> Identifies the device to remove by its MAC address. It is common to all of the above.
<MAC> Specify the devices MAC address in the AA-BB-CC-DD-EE-FF format.
no device {containing <WORD>} {filter type ap71xx}

no device Removes single or multiple devices based on the filter options provided
containing <WORD> Optional. Removes devices with hostname containing the substring specified by the <WORD>
keyword
filter type Optional. Filters devices based on the device type
<DEVICE-TYPE> type <DEVICE-TYPE> Select the access point or wireless controller type
no customize [hostname-column-width|show-wireless-client|show-wireless-client-
stats|show-wireless-radio|show-wireless-radio-stats|show-wireless-radio-stats-rf]

no customize Restores the output of the show wireless client parameters to default
no passowrd-encryption secret 2 <OLD-PASSPHRASE>

no password-encryption Disables password encryption

no profile {ap71xx|containing|filter}

no profile Removes a profile and its associated configurations


ap71xx Optional. Removes a AP71XX profile
<PROFILE-NAME> <PROFILE-NAME> Specify profile name.
4 - 86 WiNG 5.4 FIPS Access Point CLI Reference Guide

containing <STRING> Optional. Specifies profiles that contain a sub-string in the profile name
<STRING> Specify the syb string to match.
filter type Optional. Specifies additional selection filter

no wlan [<WLAN-NAME>|all|containing <WLAN-NAME-SUBSTRING>]

no wlan Removes a WLAN based


<WLAN-NAME> Identifies the WLAN name
all Removes all WLANs
containing <WLAN- Removes WLANs whose names contain string specified by <WLAN-NAME-SUBSTRING>
NAME-SUBSTRING>

no service set [command-history|reboot-history|upgrade-history] {on <DEVICE-NAME>}

no service set Resets service command parameters


command-history Resets command history file size to default (200)
reboot-history Resets reboot history file size to default (50)
upgrade-history Resets upgrade history file size to default (50)
on <DEVICE-NAME> Optional. Resets service command parameters on a specified device
<DEVICE-NAME> Specify name of the AP or wireless controller
Examples
[G]ap7131-4AA708(config)#no ?
aaa-policy Delete a aaa policy
aaa-tacacs-policy Delete a aaa tacacs policy
ap71xx Delete an AP71XX access point
association-acl-policy Delete an association-acl policy
auto-provisioning-policy Delete an auto-provisioning policy
captive-portal Delete a captive portal
customize Restore the custom cli commands to default
device Delete multiple devices
device-categorization Delete device categorization object
dhcp-server-policy DHCP server policy
dns-whitelist Delete a whitelist object
event-system-policy Delete a event system policy
firewall-policy Configure firewall policy
igmp-snoop-policy Remove device onboard igmp snoop policy
ip Internet Protocol (IP)
l2tpv3 Negate a command or set its defaults
mac MAC configuration
management-policy Delete a management policy
meshpoint Delete a meshpoint object
meshpoint-qos-policy Delete a mesh point QoS configuration policy
nac-list Delete an network access control list
profile Delete a profile and all its associated
configuration
radio-qos-policy Delete a radio QoS configuration policy
radius-group Local radius server group configuration
radius-server-policy Remove device onboard radius policy
radius-user-pool-policy Configure Radius User Pool
rf-domain Delete one or more RF-domains and all their
associated configurations
role-policy Role based firewall policy
routing-policy Policy Based Routing Configuratino
smart-rf-policy Delete a smart-rf-policy
GLOBAL CONFIGURATION COMMANDS 4 - 87

wips-policy Delete a wips policy


wlan Delete a wlan object
wlan-qos-policy Delete a wireless lan QoS configuration policy

service Service Commands

[G]ap7131-4AA708(config)#
4 - 88 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.27 password-encryption
Global Configuration Commands
Enables password encryption within a configuration
Supported in the following platforms:
Access Points AP71XX
Syntax
password-encryption secret 2 <LINE>
Parameters
password-encryption secret 2 <LINE>

secret 2 <LINE> Encrypts passwords with a secret phrase


2 Specifies the encryption type as either SHA256 or AES256
<LINE> Specify the encryption passphrase.
Examples
[G]ap7131-4AA708(config)#password-encryption secret 2 motorola
[G]ap7131-4AA708(config)#
Related Commands

no Disables password encryption


GLOBAL CONFIGURATION COMMANDS 4 - 89

4.1.28 profile
Global Configuration Commands
Configures profile related commands. If no parameters are given, all profiles are selected.
Supported in the following platforms:
Access Points AP71XX
Syntax
profile {ap71xx|containing|filter}

profile {ap71xx} <DEVICE-PROFILE-NAME>

profile {containing SUB-STIRNG>} {filter type ap71xx}

profile {filter type ap71xx}


Parameters
profile {ap71xx} <DEVICE-PROFILE-NAME>

profile Configures device profile commands. If no device profile is specified, the system configures all
device profiles.
ap71xx Optional. Configures AP71XX profile commands
<DEVICE-PROFILE- After specifying the profile type, specify a substring in the profile name to filter profiles
NAME>
profile {containing <SUB-STRING>} {filter type ap71xx}

profile Configures device profile commands


containing Optional. Configures profiles that contain a specified sub-string in the hostname
<SUB-STRING> <SUB-STRING> Specify a substring in the profile name to filter profiles.
filter type Optional. An additional filter used to configure a specific type of device profile. If no device type is
specified, the system configures all device profiles.
type Filters profiles by the device type
ap71xx Optional. Selects a AP71XX profile

profile {filter type ap71xx}

profile Configures device profile commands


filter type Optional. An additional filter used to configure a specific type of device profile. If no device
type is specified, the system configures all device profiles.
type Filters profiles by the device type
ap71xx Optional. Selects a AP71XX profile
4 - 90 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
[G]ap7131-4AA708(config)#profile ap71xx default-ap71xx
[G]ap7131-4AA708(config-profile-default-ap71xx)#?
Profile Mode commands:
ap-upgrade AP firmware upgrade
area Set name of area where the system is
located
arp Address Resolution Protocol (ARP)
auto-learn-staging-config Enable learning network configuration of
the devices that come for adoption
autoinstall Autoinstall settings
bridge Ethernet bridge
captive-portal Captive portal
cdp Cisco Discovery Protocol
configuration-persistence Enable persistence of configuration
across reloads (startup config file)
controller Add controller
critical-resource Critical Resource
crypto Encryption related commands
dscp-mapping Configure IP DSCP to 802.1p priority
mapping for untagged frames
email-notification Email notification configuration
enforce-version Check the firmware versions of devices
before interoperating
events System event messages
export Export a file
floor Set name of a floor within a area where
the system is located
interface Select an interface to configure
ip Internet Protocol (IP)
l2tpv3 L2tpv3 protocol
led Turn LEDs on/off on the device
legacy-auto-downgrade Enable device firmware to auto downgrade
when other legacy devices are detected
lldp Link Layer Discovery Protocol
load-balancing Configure load balancing parameter
logging Modify message logging facilities
mac-address-table MAC Address Table
memory-profile Memory profile to be used on the device
meshpoint-device Configure meshpoint device parameters
meshpoint-monitor-interval Configure meshpoint monitoring interval
min-misconfiguration-recovery-time Check controller connectivity after
configuration is received
mint MiNT protocol
misconfiguration-recovery-time Check controller connectivity after
configuration is received
neighbor-inactivity-timeout Configure neighbor inactivity timeout
neighbor-info-interval Configure neighbor information exchange
interval
no Negate a command or set its defaults
noc Configure the noc related setting
ntp Ntp server A.B.C.D
power-config Configure power mode
preferred-controller-group Controller group this system will prefer
for adoption
preferred-tunnel-controller Tunnel Controller Name this system will
prefer for tunneling extended vlan
traffic
radius Configure device-level radius
authentication parameters
rf-domain-manager RF Domain Manager
router Dynamic routing
spanning-tree Spanning tree
tunnel-controller Tunnel Controller group this controller
belongs to
use Set setting to use
virtual-controller Enable Controller AP
vrrp VRRP configuration
GLOBAL CONFIGURATION COMMANDS 4 - 91

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous
mode
help Description of the interactive help
system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or
terminal

[G]ap7131-4AA708(config-profile-default-ap71xx)#

NOTE: For more information on profiles and how to configure profiles, see Chapter 7,
PROFILES.

Related Commands

no Removes a profile and its associated configurations


4 - 92 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.29 radio-qos-policy
Global Configuration Commands
Configures a radio quality-of-service (QoS) policy
Supported in the following platforms:
Access Points AP71XX
Syntax
radio-qos-policy <RADIO-QOS-POLICY-NAME>
Parameters
radio-qos-policy <RADIO-QOS-POLICY-NAME>

<RADIO-QOS-POLICY- Specify the radio QoS policy name. If the policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#radio-qos-policy test
[G]ap7131-4AA708(config-radio-qos-test)#?
Radio QoS Mode commands:
accelerated-multicast Configure multicast streams for acceleration
admission-control Configure admission-control on this radio for one or
more access categories
no Negate a command or set its defaults
smart-aggregation Configure smart aggregation parameters
wmm Configure 802.11e/Wireless MultiMedia parameters

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-radio-qos-test)#

NOTE: For more information on radio qos policy, see Chapter 17, RADIO-QOS-POLICY.

Related Commands

no Removes an existing Radio QoS policy


GLOBAL CONFIGURATION COMMANDS 4 - 93

4.1.30 radius-group
Global Configuration Commands
Configures RADIUS user group parameters
Supported in the following platforms:
Access Points AP71XX
Syntax
radius-group <RADIUS-GROUP-NAME>
Parameters
radius-group <RADIUS-GROUP-NAME>

<RADIUS-GROUP-NAME> Specify a RADIUS user group name. The name should not exceed 64 characters. If the RADIUS
user group does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#radius-group testgroup
[G]ap7131-4AA708(config-radius-group-testgroup)#?
Radius user group configuration commands:
guest Make this group a Guest group
no Negate a command or set its defaults
policy Radius group access policy configuration
rate-limit Set rate limit for group

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
[G]ap7131-4AA708(config-radius-group-testgroup)#

NOTE: For more information on RADIUS user group commands, see Chapter 16,
RADIUS-POLICY.

Related Commands

no Removes an existing RADIUS group


4 - 94 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.31 radius-server-policy
Global Configuration Commands
Creates an onboard device RADIUS policy
Supported in the following platforms:
Access Points AP71XX
Syntax
radius-server-policy <RADIUS-SERVER-POLICY-NAME>
Parameters
radius-server-policy <RADIUS-SERVER-POLICY-NAME>

<RADIUS-SERVER- Specify the RADIUS server policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#radius-server-policy testpolicy
[G]ap7131-4AA708(config-radius-server-policy-testpolicy)#?
Radius Configuration commands:
authentication Radius authentication
chase-referral Enable chasing referrals from LDAP server
crl-check Enable Certificate Revocation List( CRL ) check
ldap-group-verification Enable LDAP Group Verification setting
ldap-server LDAP server parameters
local RADIUS local realm
nas RADIUS client
no Negate a command or set its defaults
proxy RADIUS proxy server
session-resumption Enable session resumption/fast reauthentication by
using cached attributes
use Set setting to use
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-radius-server-policy-testpolicy)#

NOTE: For more information on RADIUS server policy commands, see Chapter 16,
RADIUS-POLICY.

Related Commands

no Removes an existing RADIUS server policy


GLOBAL CONFIGURATION COMMANDS 4 - 95

4.1.32 radius-user-pool-policy
Global Configuration Commands
Configures a RADIUS user pool
Supported in the following platforms:
Access Points AP71XX
Syntax
radius-user-pool-policy <RADIUS-USER-POOL-POLICY-NAME>
Parameters
radius-user-pool-policy <RADIUS-USER-POOL-POLICY-NAME>

<RADIUS-USER-POOL- Specify the RADIUS user pool policy name. If the policy does not exist, it is created.
POLICY-NAME>
Examples
[G]ap7131-4AA708(config)#radius-user-pool-policy testpool
[G]ap7131-4AA708(config-radius-user-pool-testpool)#?
Radius User Pool Mode commands:
no Negate a command or set its defaults
user Radius user configuration

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-radius-user-pool-testpool)#

NOTE: For more information on RADIUS user group commands, see Chapter 16,
RADIUS-POLICY.

Related Commands

no Removes an existing RADIUS user pool


4 - 96 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33 rf-domain
Global Configuration Commands
An RF Domain groups devices that can logically belong to one network. The RF Domain policy configures a set of parameters
that enable devices configured quickly as belonging to a particular RF Domain. Table 4.12 lists command to enter RF Domain
configuration mode.
Table 4.12 RF-Domain Config Commands

Command Description Reference


rf-domain Creates a RF Domain policy and enters its configuration mode page 4-97
rf-domain-mode Invokes RF Domain configuration mode commands page 4-98
commands
GLOBAL CONFIGURATION COMMANDS 4 - 97

4.1.33.1 rf-domain
rf-domain
Only default rf-domain is available on AP71XX. New rf-domains can not be created.
Supported in the following platforms:
Access Points AP71XX
Syntax
rf-domain {<RF-DOMAIN-NAME>|containing <DOMAIN-NAME>}
Parameters
rf-domain {<RF-DOMAIN-NAME>|containing <DOMAIN-NAME>}

<RF-DOMAIN-NAME> Optional. Specify the RF Domain name. The name should not exceed 32 characters and should
represent the intended purpose. Once created, the name cannot be edited.
containing Optional. Specify an existing RF Domain that contains a specified sub-string in the domain name
<DOMAIN-NAME> <DOMAIN-NAME> Specify a sub-string of the RF Domain name.
Examples
[G]ap7131-4AA708(config)#rf-domain default
[G]ap7131-4AA708(config-rf-domain-default)#?
RF Domain Mode commands:
channel-list Configure channel list to be advertised to wireless
clients
contact Configure the contact
control-vlan VLAN for control traffic on this RF Domain
country-code Configure the country of operation
dhcp-redundancy Enable DHCP redundancy
layout Configure layout
location Configure the location
mac-name Configure MAC address to name mappings
no Negate a command or set its defaults
override-smartrf Configured RF Domain level overrides for smart-rf
override-wlan Configure RF Domain level overrides for wlan
sensor-server Motorola AirDefense sensor server configuration
stats Configure the stats related setting
timezone Configure the timezone
use Set setting to use

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-rf-domain-default)#
4 - 98 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2 rf-domain-mode commands


rf-domain
This section describes the default commands under RF Domain.
Table 4.13 summarises RF Domain configuration commands.
Table 4.13 RF-Domain-Mode Commands

Command Description Reference


channel-list Configures the channel list advertised by radios page 4-99
contact Configures details of the person to contact (the network administrator) in case of page 4-100
any problems impacting the RF Domain
control-vlan Configures VLAN for traffic control on a RF Domain page 4-101
country-code Configures the country of operation page 4-102
dhcp-redundancy Enables DHCP redundancy on a RF Domain page 4-103
layout Configures layout information page 4-104
location Configures the physical location of a RF Domain page 4-105
mac-name Maps MAC addresses to names page 4-106
no Negates a command or reverts configured settings to their default values page 4-107
override-smart-rf Configures RF Domain level overrides for Smart RF page 4-109
override-wlan Configures RF Domain level overrides for WLAN page 4-110
sensor-server Configures an AirDefense sensor server on this RF Domain page 4-111
stats Configures stats related settings on this RF Domain. These settings define how page 4-112
RF Domain statistics are updated
timezone Configures a RF Domains geographic time zone page 4-113
use Enables the use of a specified Smart RF and/or WIPS policy page 4-114
clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
end Ends and exits the current mode and moves to the PRIV EXEC mode page 4-51
exit Ends the current mode and moves to the previous mode page 5-5
help Displays the interactive help system page 5-6
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 6-4
write Writes information to memory or terminal page 5-33
GLOBAL CONFIGURATION COMMANDS 4 - 99

4.1.33.2.4 channel-list
rf-domain-mode commands
Configures the channel list advertised by radios. This command also enables dynamic update of a channel list
Supported in the following platforms:
Access Points AP71XX
Syntax
channel-list [2.4GHz|5GHz|dynamic]

channel-list dynamic

channel-list [2.4GHz|5GHz] <CHANNEL-LIST>


Parameters
channel-list dynamic

dynamic Enables dynamic update of a channel list

channel-list [2.4GHz|5GHz] <CHANNEL-LIST>

2.4GHz <CHANNEL- Configures the channel list advertised by radios operating in the 2.4GHz mode
LIST> <CHANNLE-LIST> Specify the list of channels separated by commas or hyphens.
5GHz <CHANNEL- Configures the channel list advertised by radios operating in the 5GHz mode
LIST> <CHANNLE-LIST> Specify the list of channels separated by commas or hyphens.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#channel-list 2.4GHz 1-10

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
no country-code
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes the list of channels configured on the selected RF Domain for 2.4GHz and 5GHz bands.
Also disables dynamic update of a channel list.
4 - 100 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.5 contact
rf-domain-mode commands
Configures the contact (the network administrator) in case of problems or issues impacting the RF Domain
Supported in the following platforms:
Access Points AP71XX
Syntax
contact <WORD>
Parameters
contact <WORD>

contact <WORD> Specify contact details, such as name and number.


Examples
[G]ap7131-4AA708(config-rf-domain-default)#contact Bob+19621212577
[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
no country-code
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes contact details configured for a RF Domain


GLOBAL CONFIGURATION COMMANDS 4 - 101

4.1.33.2.6 control-vlan
rf-domain-mode commands
Configures VLAN for traffic control in this RF Domain
Supported in the following platforms:
Access Points AP71XX
Syntax
control-vlan <1-4094>
Parameters
control-vlan <1-4094>

<1-4094> Specify the VLAN ID from 1 - 4094.


Examples
[G]ap7131-4AA708(config-rf-domain-default)#control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
no country-code
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Disables the VLAN for controlling traffic in a RF Domain


4 - 102 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.7 country-code
rf-domain-mode commands
Configures a RF Domains country of operation. Since device channels transmit in specific channels unique to the country of
operation, it is essential to configure the country code correctly or risk using the access point illegally.
Supported in the following platforms:
Access Points AP71XX
Syntax
country-code <WORD>
Parameters
country-code <WORD>

country-code Configures the RF Domains country of operation


<WORD> Specify the 2 letter ISO-3166 country code.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#country-code in

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes the country of operation configured on a RF Domain


GLOBAL CONFIGURATION COMMANDS 4 - 103

4.1.33.2.8 dhcp-redundancy
rf-domain-mode commands
Enables DHCP redundancy in this RF Domain
Supported in the following platforms:
Access Points AP71XX
Syntax
dhcp-redundancy
Parameters
None
Examples
[G]ap7131-4AA708(config-rf-domain-default)#dhcp-redundancy

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
dhcp-redundancy
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes RF Domain DHCP redundancy


4 - 104 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.9 layout
rf-domain-mode commands
Configures the RF Domain layout in terms of area, floor, and location on a map. It allows users to place APs across the
deployment map. A maximum of 256 layouts is permitted.
Supported in the following platforms:
Access Points AP71XX
Syntax
layout [area|floor|map-location]

layout [(area <AREA-NAME>|floor <FLOOR-NAME>)]

layout map-location <URL> units [feet|meters] {(area <AREA-NAME>|floor <FLOOR-NAME>)}


Parameters
layout [(area <AREA-NAME>|floor <FLOOR-NAME>)]

layout Configures the RF Domain layout in terms of area, floor, and location on a map
area <AREA-NAME> Configures the RF Domain area name
<AREA-NAME> Specify the area name.
floor <FLOOR-NAME> Configures the RF Domain floor name
<FLOOR-NAME> Specify the floor name.

layout map-location <URL> units [feet|meters] {(area <AREA-NAME>|


floor <FLOOR-NAME>)}

layout Configures the RF Domain layout in terms of area, floor, and location on a map
map-location <URL> Configures the location of the RF Domain on the map
units [feet|meters] <URL> Specify the URL to configure the map location.
units [feet|meters] Configures the map units in terms of feet or meters
Note: After configuring the location, optionally configure the area and floor of the RF Domain.
area <AREA-NAME> Optional. Configures the RF Domain area name. Specify area name.
floor <FLOOR-NAME> Optional. Configures the RF Domain floor name. Specify floor name.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#layout map-location www.firstfloor.com units
meters area Ecospace floor Floor5

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
dhcp-redundancy
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes the RF Domain layout details


GLOBAL CONFIGURATION COMMANDS 4 - 105

4.1.33.2.10 location
rf-domain-mode commands
Configures the physical location of the wireless controller RF Domain. The location could be as specific as the building name
or floor number. Or it could be generic and include an entire site. The location defines the physical area where a common set
of device configurations are deployed and managed by a RF Domain policy.
Supported in the following platforms:
Access Points AP71XX
Syntax
location <WORD>
Parameters
location <WORD>

location <WORD> Configures the RF Domain location by specifying the area or building name
<WORD> Specify the location.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#location SanJose

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
location SanJose
contact Bob+19621212577
country-code us
dhcp-redundancy
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes the RF Domain location


4 - 106 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.11 mac-name
rf-domain-mode commands
Configures a relevant name for each MAC address
Supported in the following platforms:
Access Points AP71XX
Syntax
mac-name <MAC> <NAME>
Parameters
mac-name <MAC> <NAME>

mac-name Configures a relevant name for each MAC address


<MAC> <NAME> Specifies the MAC address
<NAME> Specify a friendly name for this MAC address to use in events and statistics.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#mac-name 11-22-33-44-55-66 TestDevice
[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
location SanJose
contact Bob+19621212577
country-code us
dhcp-redundancy
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
mac-name 11-22-33-44-55-66 TestDevice
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes the MAC address to name mapping


GLOBAL CONFIGURATION COMMANDS 4 - 107

4.1.33.2.12 no
rf-domain-mode commands
Negates a command or reverts configured settings to their default. When used in the config RF Domain mode, the no command
negates or reverts RF Domain settings.
Supported in the following platforms:
Access Points AP71XX
Syntax
no [channel-list|contact|control-vlan|country-code|dhcp-redundancy|layout|location|
mac-name|override-smartrf|override-wlan|sensor-server|stats|timezone|use]
Parameters
no [channel-list|contact|control-vlan|country-code|dhcp-redundancy|layout|
location|mac-name|override-smartrf|override-wlan|sensor-server|stats|timezone|use]

no channel-list Removes the channel list for 2.4GHz and 5GHz bands. Also disables dynamic update of a channel
list
no contact Removes contact details configured
no control-vlan Removes VLAN configured for controlling traffic
no country-code Removes the country of operation configured
no dhcp-redundancy Removes DHCP redundancy
no layout Removes the RF Domain layout details
no location Removes the RF Domain location details
no mac-name Removes the MAC address to name mapping
no override-smartrf Resets the override Smart RF settings to default
no override-wlan Resets the override WLAN settings to default
no sensor-server Disables an AirDefense sensor server details
no stats Resets RF Domain stats settings
no timezone Removes the RF Domains time zone
no use Resets RF Domain profile settings
4 - 108 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
Following is the RF Domain settings before the no command is executed:
[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
location SanJose
contact Bob+19621212577
country-code us
dhcp-redundancy
channel-list 2.4GHz 1,2,3,4,5,6,7,8,9,10
mac-name 11-22-33-44-55-66 TestDevice
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
control-vlan 1
[G]ap7131-4AA708(config-rf-domain-default)#

[G]ap7131-4AA708(config-rf-domain-default)#no channel-list 2.4GHz 1-10


[G]ap7131-4AA708(config-rf-domain-default)#no mac-name 11-22-33-44-55-66
[G]ap7131-4AA708(config-rf-domain-default)#no location
[G]ap7131-4AA708(config-rf-domain-default)#no control-vlan

Following is the RF Domain settings after the no command is executed:

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

channel-list Configures the channel list advertised by radios, and enables dynamic update of channel lists
contact Configures details of the person to contact (or the administrator) in case of any problems or issues
impacting the RF Domain
control-vlan Configures a VLAN for traffic control
country-code Configures a RF Domains country of operation
dhcp-redundancy Enables a RF Domains DHCP redundancy
layout Configures a RF Domains layout maps
location Configures a RF Domains deployment location
mac-name Configures a relevant name for each MAC address
override-smart-rf Configures RF Domain level overrides for Smart RF
override-wlan Configures RF Domain level overrides for WLAN
sensor-server Configures an AirDefense sensor server
stats Configures RF Domain stats settings
timezone Configures a RF Domains geographic time zone
use Enables the use of a Smart RF and/or WIPS policy
GLOBAL CONFIGURATION COMMANDS 4 - 109

4.1.33.2.13 override-smart-rf
rf-domain-mode commands
Configures RF Domain level overrides for a Smart RF policy
Supported in the following platforms:
Access Points AP71XX
Syntax
override-smartrf channel-list [2.4GHz|5GHZ] <CHANNEL-LIST>
Parameters
override-smartrf channel-list [2.4GHz|5GHZ] <CHANNEL-LIST>

override-smartrf Configures RF Domain level overrides for a Smart RF policy


channel-list Enables the selection of a channel list for a Smart RF policy
2.4GHz Selects the 2.4GHz band
<CHANNEL-LIST> <CHANNEL-LIST> Specify a list of channels separated by commas.
5GHz Selects the 5GHz band
<CHANNEL-LIST> <CHANNEL-LIST> Specify a list of channels separated by commas.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#override-smartrf channel-list 2.4GHz 1,2,3

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
override-smartrf channel-list 2.4GHz 1,2,3
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Resets the override Smart RF settings its default


4 - 110 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.14 override-wlan
rf-domain-mode commands
Configures RF Domain level overrides for a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
overrides-wlan <WLAN> [ssid|vlan-pool|wpa-wpa2-psk]

overrides-wlan <WLAN> [ssid <SSID>|vlan-pool <1-4094> {limit <0-8192>}|


wpa-wpa2-psk <PASSPHRASE>]
Parameters
overrides-wlan <WLAN> [ssid <SSID>|vlan-pool <1-4094> {limit <0-8192>}|wpa-wpa2-psk
<PASSPHRASE>]

<WLAN> Configures the WLAN name


The name should not exceed 32 characters and should represent the WLAN coverage area. After
creating the WLAN, configure its override parameters.
ssid <SSID> Configures a override Service Set Identifier (SSID) associated with this WLAN
The SSID should not exceed 32 characters.
vlan-pool <1-4094> Configures the override VLANs available to this WLAN
{limit <0-8192>} <1-4094> Specify the VLAN ID from 1 - 4094.
limit <0-8192> Optional. Sets a limit to the number of users on this VLAN from 0 - 8192. The
default is 0.
wpa-wpa2-psk Configures the WPA-WPA2 key or passphrase for this WLAN
<PASSPHRASE> <PASSPHRASE> Specify a WPA-WPA2 key or passphrase.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#override-wlan test vlan-pool 2 limit 20

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
override-smartrf channel-list 2.4GHz 1,2,3
override-wlan test vlan-pool 2 limit 20
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Resets the override WLAN settings its default


GLOBAL CONFIGURATION COMMANDS 4 - 111

4.1.33.2.15 sensor-server
rf-domain-mode commands
Configures an AirDefense sensor server on this RF Domain. Sensor servers allow network administrators to monitor and
download data from multiple sensors remote locations using Ethernet TCP/IP or serial communications. This enables
administrators to respond quickly to interferences and coverage problems.
Supported in the following platforms:
Access Points AP71XX
Syntax
sensor-server <1-3> ip <IP> {port [443|8443|<1-65535>]}
Parameters
sensor-server <1-3> ip <IP> {port [443|8443|<1-65535>]}

Sensor-server <1-3> Configures an AirDefense sensor server parameters


<1-3> Select the server ID from 1 - 3. The server with the lowest defined ID is reached first by
the wireless controller. The default is 1.
ip <IP> Configures the (non DNS) IP address of the sensor server
<IP> Specify the IP address of the sensor server.
port Optional. Configures the sensor server port. The options are:
[443|8443| 443 Configures port 443, the default port used by the AirDefense server
<1-65535>]
8843 Configures port 883, the default port used by advanced WIPS on a wireless controller
<1-6553> Allows you to select a WIPS/AirDefense sensor server port from 1 - 65535
Examples
[G]ap7131-4AA708(config-rf-domain-default)#sensor-server 2 ip 172.16.10.3 port 443

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
country-code us
sensor-server 2 ip 172.16.10.3
override-smartrf channel-list 2.4GHz 1,2,3
override-wlan test vlan-pool 2 limit 20
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Disables an AirDefense sensor server parameters


4 - 112 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.16 stats
rf-domain-mode commands
Configures stats settings that define how RF Domain statistics are updated
Supported in the following platforms:
Access Points AP71XX
Syntax
stats [open-window|update-interval]

stats open-window <1-2> {sample-interval <5-86640>} {size <3-100>}

stats update-interval [<5-300>|auto]


Parameters
stats open-window <1-2> {sample-interval <5-86640>} {size <3-100>}

stats Configures stats related settings on this RF Domain


open-window <1-2> Opens a stats window to get trending data
<1-2> Configures a numerical index ID for this RF Domain statistics
sample-interval Optional. Configures the interval at which the wireless controller captures statistics supporting
<5-86640> this RF Domain
<5-86640> Specify the sample interval from 5 - 86640 seconds. The default is 5 seconds.
size <3-100> Optional. After specifying the interval time you might specify the number of samples used by the
wireless controller to define RF Domain statistics.
<3-100> Specify the number of samples from 3 - 100. The default is 6 samples.
stats update-interval [<5-300>|auto]

stats Configures stats related settings on this RF Domain


update-interval Configures the interval at which RF Domain statistics are updated. The options are:
[<5-300>|auto] <5-300> Specify an update interval from 5 - 300 seconds.
auto The RF Domain manager automatically adjusts the update interval based on the load.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#stats update-interval 200

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
stats update-interval 200
country-code us
sensor-server 2 ip 172.16.10.3
override-smartrf channel-list 2.4GHz 1,2,3
override-wlan test vlan-pool 2 limit 20
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Resets stats related settings


GLOBAL CONFIGURATION COMMANDS 4 - 113

4.1.33.2.17 timezone
rf-domain-mode commands
Configures the RF Domains geographic time zone. Configuring the time zone is essential for RF Domains deployed across
different geographical locations.
Supported in the following platforms:
Access Points AP71XX
Syntax
timezone <TIMEZONE>
Parameters
timezone <TIMEZONE>

time <TIMEZONE> Specify the RF Domains time zone.


Examples
[G]ap7131-4AA708(config-rf-domain-default)#timezone America/Los_Angeles

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
timezone America/Los_Angeles
stats update-interval 200
country-code us
sensor-server 2 ip 172.16.10.3
override-smartrf channel-list 2.4GHz 1,2,3
override-wlan test vlan-pool 2 limit 20
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Removes a RF Domains time zone


4 - 114 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.33.2.18 use
rf-domain-mode commands
Enables the use of Smart RF and WIPS with this RF Domain
Supported in the following platforms:
Access Points AP71XX
Syntax
use [smart-rf-policy|wips-policy]

use [smart-rf-policy <SMART-RF-POLICY-NAME>|wips-policy <WIPS-POLICY-NAME>]


Parameters
use [smart-rf-policy <SMART-RF-POLICY-NAME>|wips-policy <WIPS-POLICY-NAME>]

use Uses a Smart RF policy with this RF Domain


smart-rf-policy Specifies a Smart RF policy
<SMART-RF-POLICY- <SMART-RF-POLICY-NAME> Specify the Smart RF policy name.
NAME>
wips-policy Specifies a WIPS policy
<WIPS-POLICY-NAME> <WIPS-POLICY-NAME> Specify the WIPS policy name.
Examples
[G]ap7131-4AA708(config-rf-domain-default)#use smart-rf-policy Smart-RF1
[G]ap7131-4AA708(config-rf-domain-default)#use wips-policy WIPS1

[G]ap7131-4AA708(config-rf-domain-default)#show context
rf-domain default
contact Bob+19621212577
timezone America/Los_Angeles
stats update-interval 200
country-code us
use smart-rf-policy Smart-RF1
use wips-policy WIPS1
sensor-server 2 ip 172.16.10.3
override-smartrf channel-list 2.4GHz 1,2,3
override-wlan test vlan-pool 2 limit 20
layout area Ecospace floor Floor5 map-location www.firstfloor.com units meters
[G]ap7131-4AA708(config-rf-domain-default)#
Related Commands

no Resets profiles used with this RF Domain


GLOBAL CONFIGURATION COMMANDS 4 - 115

4.1.34 role-policy
Global Configuration Commands
Configures a role-based firewall policy
Supported in the following platforms:
Access Points AP71XX
Syntax
role-policy <ROLE-POLICY-NAME>
Parameters
role-policy <ROLE-POLICY-NAME>

<ROLE-POLICY-NAME> Specify the role policy name. If the policy does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#role-policy role1
[G]ap7131-4AA708(config-role-policy-role1)#?
Role Policy Mode commands:
default-role Configuration for Wireless Clients not matching any role
ldap-deadperiod Ldap dead period interval
ldap-mode Change the ldap mode
ldap-server Add a ldap server
ldap-service Enable ldap attributes in role definition
ldap-timeout Ldap query timeout interval
no Negate a command or set its defaults
user-role Create a role
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-role-policy-role1)#

NOTE: For more information on Role policy commands, see Chapter 18, ROLE-POLICY.

Related Commands

no Removes an existing Role Policy


4 - 116 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.35 routing-policy
Global Configuration Commands
Configures a routing policy
Supported in the following platforms:
Access Points AP71XX
Syntax
role-policy <ROUTING-POLICY-NAME>
Parameters
role-policy <ROUTING-POLICY-NAME>

<ROUTING-POLICY- Specify the routing policy name. If the policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#routing-policy TestRoutingPolicy
[G]ap7131-4AA708(config-routing-policy-TestRoutingPolicy)#?
Routing Policy Mode commands:
apply-to-local-packets Use Policy Based Routing for packets generated by
the device
logging Enable logging for this Route Map
no Negate a command or set its defaults
route-map Create a Route Map
use Set setting to use

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-routing-policy-TestRoutingPolicy)#

NOTE: For more information on Role policy commands, see Chapter 24, ROUTING-
POLICY.

Related Commands

no Removes an existing Routing Policy


GLOBAL CONFIGURATION COMMANDS 4 - 117

4.1.36 self
Global Configuration Commands
Displays the devices configuration context
Supported in the following platforms:
Access Points AP71XX
Syntax
self
Parameters
None
Examples
[G]ap7131-139B34(config)#self
[G]ap7131-139B34(config-device-00-23-68-13-9B-34)#
4 - 118 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.37 smart-rf-policy
Global Configuration Commands
Configures a Smart RF policy
Supported in the following platforms:
Access Points AP71XX
Syntax
smart-rf-policy <SMART-RF-POLICY-NAME>
Parameters
smart-rf-policy <SMART-RF-POLICY-NAME>

<SMART-RF-POLICY- Specify the Smart RF policy name. If the policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#smart-rf-policy test
[G]ap7131-4AA708(config-smart-rf-policy-test)#?
Smart RF Mode commands:
assignable-power Specify the assignable power during power-assignment
channel-list Select channel list for smart-rf
channel-width Select channel width for smart-rf
coverage-hole-recovery Recover from coverage hole
enable Enable this smart-rf policy
group-by Configure grouping parameters
interference-recovery Recover issues due to excessive noise and
interference
neighbor-recovery Recover issues due to faulty neighbor radios
no Negate a command or set its defaults
root-recovery Recover issues due to poor root path metric
sensitivity Configure smart-rf sensitivity (Modifies various
other smart-rf configuration items)
smart-ocs-monitoring Smart off channel scanning

clrscr Clears the display screen


commit Commit all changes made in this session
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or term

[G]ap7131-4AA708(config-smart-rf-policy-test)#

NOTE: For more information on smart-rf policy commands, see Chapter 19, SMART-RF-
POLICY.

Related Commands

no Removes an existing Smart RF Policy


GLOBAL CONFIGURATION COMMANDS 4 - 119

4.1.38 wips-policy
Global Configuration Commands
Configures a WIPS policy
Supported in the following platforms:
Access Points AP71XX
Syntax
wips-policy <WIPS-POLICY-NAME>
Parameters
wips-policy <WIPS-POLICY-NAME>

<WIPS-POLICY-NAME> Specify the WIPS policy name. If the policy does not exist, it is created.
Examples
[G]ap7131-4AA708(config)#wips-policy test
[G]ap7131-4AA708(config-wips-policy-test)#?
Wips Policy Mode commands:
ap-detection Rogue AP detection
enable Enable this wips policy
event Configure an event
history-throttle-duration Configure the duration for which event duplicates
are not stored in history
interference-event Specify events which will contribute to smart-rf
wifi interference calculations
no Negate a command or set its defaults
signature Signature to configure
use Set setting to use

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-wips-policy-test)#

NOTE: For more information on WIPS policy commands, see Chapter 20, WIPS-POLICY.

Related Commands

no Removes an existing WIPS Policy


4 - 120 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39 wlan
Global Configuration Commands
Configures a wireless LAN.Table 4.14 lists WLAN configuration mode commands.
Table 4.14 WLAN-Policy Config Commands

Command Description Reference


wlan Creates a new wireless LAN and enters its configuration mode page 4-121
wlan-mode Summarizes WLAN configuration mode commands page 4-123
commands
GLOBAL CONFIGURATION COMMANDS 4 - 121

4.1.39.1 wlan
wlan
Configures a WLAN or enters WLAN configuration context for one or more WLANs
Supported in the following platforms:
Access Points AP71XX
Syntax
wlan {<WLAN-NAME>|containing <WLAN-NAME>}
Parameters
wlan {<WLAN-NAME>|containing <WLAN-NAME>}

wlan Configures a new wireless LAN


<WLAN-NAME> <WLAN-NAME> Optional. Specify the WLAN name.
containing Optional. Configures an existing WLANs configuration context
<WLAN-NAME> <WLAN-NAME> Specify a sub-string in the WLAN name. Use this parameter to filter a WLAN
Examples
[G]ap7131-4AA708(config)#wlan 1
[G]ap7131-4AA708(config-wlan-1)#

[G]ap7131-4AA708(config)#wlan containing wlan1


[G]ap7131-4AA708(config-wlan-{'containing': 'wlan1'})#

[G]ap7131-4AA708(config-wlan-1)#?
Wireless LAN Mode commands:
accounting Configure how accounting records are created
for this wlan
acl Actions taken based on ACL configuration [
packet drop being one of them]
answer-broadcast-probes Include this wlan when responding to probe
requests that do not specify an SSID
authentication-type The authentication type of this WLAN
bridging-mode Configure how packets to/from this wlan are
bridged
broadcast-dhcp Configure broadcast DHCP packet handling
broadcast-ssid Advertise the SSID of the WLAN in beacons
captive-portal-enforcement Enable captive-portal enforcement on the wlan
client-access Enable client-access (normal data operations)
on this wlan
client-client-communication Allow switching of frames from one wireless
client to another on this wlan
client-load-balancing Configure load balancing of clients on this
wlan
data-rates Specify the 802.11 rates to be supported on
this wlan
description Configure a description of the usage of this
wlan
encryption-type Configure the encryption to use on this wlan
enforce-dhcp Drop packets from Wireless Clients with static
IP address
http-analyze Enable HTTP URL analysis on the wlan
ip Internet Protocol (IP)
mac-registration Enable dynamic MAC registration of user
motorola-extensions Enable support for Motorola-Specific extensions
to 802.11
no Negate a command or set its defaults
protected-mgmt-frames Protected Management Frames (IEEE 802.11w)
related configuration (DEMO FEATURE)
proxy-arp-mode Configure handling of ARP requests with
proxy-arp is enabled
radius Configure RADIUS related parameters
4 - 122 WiNG 5.4 FIPS Access Point CLI Reference Guide

shutdown Shutdown this wlan


ssid Configure the Service Set Identifier for this
WLAN
time-based-access Configure client access based on time
use Set setting to use
vlan Configure the vlan where traffic from this wlan
is mapped
vlan-pool-member Add a member vlan to the pool of vlans for the
wlan (Note: configuration of a vlan-pool
overrides the 'vlan' configuration)
wireless-client Configure wireless-client specific parameters
wpa-wpa2 Modify tkip-ccmp (wpa/wpa2) related parameters

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or
terminal

[G]ap7131-4AA708(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 123

4.1.39.2 wlan-mode commands


wlan
Configures WLAN mode commands. Manual WLAN mappings are erased when the actual WLAN is disabled and then enabled
immediately
Use the (config) instance to configure WLAN related parameters.
To navigate to this instance, use the following commands:
[G]ap7131-4AA708(config)#wlan <WLAN>
Table 4.15 summarizes WLAN configuration mode commands.
Table 4.15 WLAN-Mode Commands

Command Description Reference


accounting Defines WLAN accounting configuration page 4-125
acl Defines the actions based on an ACL rule configuration page 4-127
answer-broadcast- Allows a WLAN to respond to probes for broadcast ESS page 4-128
probes
authentication-type Sets a WLANs authentication type page 4-129
bridging-mode Configures how packets to/from this WLAN are bridged page 4-130
broadcast-dhcp Configures broadcast DHCP packet handling page 4-131
broadcast-ssid Advertises a WLANs SSID in beacons page 4-132
captive-portal- Configures a WLANs captive portal enforcement page 4-133
enforcement
client-access Enables WLAN client access (normal data operations) page 4-134
client-client- Allows switching of frames from one wireless client to another on a WLAN page 4-135
communication
client-load- Enables load balancing of WLAN clients page 4-136
balancing
data-rates Specifies the 802.11 rates supported on the WLAN page 4-138
description Sets a WLANs description page 4-141
encryption-type Sets a WLANs encryption type page 4-142
eap-types Configures client access based on eap-type used for authentication page 4-143
enforce-dhcp Drops packets from clients with a static IP address page 4-144
http-analyze Enables HTTP URL analysis on the WLAN page 4-145
ip Configures IP settings page 4-146
mac-registration Enables dynamic MAC registration of user page 4-147
motorola-extensions Enables support for Motorola Solutions specific extensions to 802.11 page 4-148
no Negates a command or sets its default value page 4-149
4 - 124 WiNG 5.4 FIPS Access Point CLI Reference Guide

Table 4.15 WLAN-Mode Commands

Command Description Reference


protected-mgmt- Configures Protected Management Frames (PMF) (IEEE 802.11w) related page 4-151
frames parameters
proxy-arp-mode Enables the proxy ARP mode for ARP requests page 4-152
radius Configures the RADIUS related parameters page 4-153
shutdown Closes a WLAN page 4-154
ssid Configures a WLANs SSID page 4-155
time-based-access Configures time-based client access page 4-156
use Defines WLAN mode configuration settings page 4-157
vlan Sets VLAN assignment for a WLAN page 4-159
vlan-pool-member Adds a member VLAN to the pool of VLANs for a WLAN page 4-160
wireless-client Configures the transmit power for wireless clients transmission page 4-161
wpa-wpa2 Modifies TKIP and CCMP (WPA/WPA2) related parameters page 4-163
GLOBAL CONFIGURATION COMMANDS 4 - 125

4.1.39.2.1 accounting
wlan-mode commands
Defines the WLANs accounting configuration
Supported in the following platforms:
Access Points AP71XX
Syntax
accounting [radius|syslog]

accounting syslog [host|mac-address-format]

accounting syslog [host <IP/HOSTNAME>] {port <1-65535>}


{proxy-mode [none|through-controller|through-rf-domain-manager]}]

accounting syslog mac-address-format [middle-hyphen|no-delim|pair-colon|pair-hyphen|


quad-dot] case [lower|upper]
Parameters
accounting radius

accounting radius Enables support for WLAN RADIUS accounting messages


accounting syslog [host <IP/HOSTNAME>] {port <1-65535>}
{proxy-mode [none|through-controller|through-rf-domain-manager]}

accounting syslog Enables support for WLAN syslog accounting messages


host Configures a syslog destination hostname or IP address for accounting records
<IP/HOSTNAME> <IP/HOSTNAME> Specify the IP address or name of the destination host.
port <1-65535> Optional. Configures the syslog servers UDP port (this port is used to connect to the server)
<1-65535> Specify the port from 1 - 65535. Default port is 514.
proxy-mode Optional. Configures the request proxying mode
[none| none Requests are directly sent to the server from the device
through-controller|
through-controller Requests are proxied through the wireless controller configuring the device
through-rf-domain-
manager] through-rf-domain-manager Requests are proxied through the local RF Domain manager

accounting syslog mac-address-format [middle-hyphen|no-delim|pair-colon|


pair-hyphen|quad-dot] case [lower|upper]

accounting syslog Enables support for WLAN syslog accounting messages


mac-address-format Configures the MAC address format used in syslog messages
middle-hyphen Configures MAC address format with middle hyphen (AABBCC-DDEEFF)
no-delim Configures MAC address format without delimitors (AABBCCDDEEFF)
pair-colon Configures MAC address format with pair-colon delimitors (AA:BB:CC:DD:EE:FF)
pair-hyphen Configures MAC address format with pair-hyphen deli mi tors (AA-BB-CC-DD-EE-FF). This is the
default setting.
4 - 126 WiNG 5.4 FIPS Access Point CLI Reference Guide

quad-dot Configures MAC address format with quad-dot deli mi tors (AABB.CCDD.EEFF)
case [lower|upper] The following keywords are common to all of the above:
case Specifies MAC address case (upper or lower)
lower Specifies MAC address is filled in lower case (for example, aa-bb-cc-dd-ee-ff)
upper Specifies MAC address is filled in upper case (for example, AA-BB-CC-DD-EE-FF)
Examples
[G]ap7131-4AA708(config-wlan-test)#accounting syslog host 172.16.10.4 port 2 proxy-mode
none

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type ccmp
authentication-type none
accounting syslog host 172.16.10.4 port 2
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 127

4.1.39.2.2 acl
wlan-mode commands
Defines the actions taken based on an ACL rule configuration
Supported in the following platforms:
Access Points AP71XX
Syntax
acl exceed-rate wireless-client-denied-traffic <0-1000000> {blacklist|disassociate}
acl exceed-rate wireless-client-denied-traffic <0-1000000> {blacklist <0-86400>|
disassociate}
Parameters
acl exceed-rate wireless-client-denied-traffic <0-1000000> {blacklist <0-86400>|
disassociate}

acl exceed-rate Sets the actions taken based on an ACL rule configuration (for example, drop a packet)
exceed-rate Action is taken when the rate exceeds a specified value
wireless-client-denied- Sets the action to deny traffic to the wireless client, when the rate exceeds the specified value
traffic <0-1000000> Specify a allowed rate threshold of disallowed traffic in packets/sec.
<0-1000000>
blacklist <0-86400> Optional. When enabled, sets the time interval to blacklist a wireless client
disassociate Optional. When enabled, disassociates a wireless client
Examples
[G]ap7131-4AA708(config-wlan-test)#acl exceed-rate wireless-client-denied-traffic
20 disassociate

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type ccmp
authentication-type none
accounting syslog host 172.16.10.4 port 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
[G]ap7131-4AA708(config-wlan-test)#
4 - 128 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.3 answer-broadcast-probes
wlan-mode commands
Allows the WLAN to respond to probe requests that do not specify an SSID. These probes are for broadcast ESS.
Supported in the following platforms:
Access Points AP71XX
Syntax
answer-broadcast-probes
Parameters
None
Examples
[G]ap7131-4AA708(config-wlan-1)#answer-broadcast-probes
[G]ap7131-4AA708(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 129

4.1.39.2.4 authentication-type
wlan-mode commands
Sets the WLANs authentication type
Supported in the following platforms:
Access Points AP71XX
Syntax
authentication-type [eap|eap-mac|eap-psk|mac|psk]
Parameters
authentication-type [eap|eap-mac|eap-psk|mac|psk]

authentication-type Configures a WLANs authentication type


The authentication types are: EAP, EAP-MAC, EAP-PSK.
eap Configures Extensible Authentication Protocol (EAP) authentication (802.1X)
eap-mac Configures EAP or MAC authentication depending on client
eap-psk Configures EAP authentication or pre-shared keys depending on client (This setting is only valid
with Temporal Key Integrity Protocol (TKIP) or Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP))
mac Configures MAC authentication type
psk Configures Pre-shared-keys authentication type
Examples
[G]ap7131-4AA708(config-wlan-test)#authentication-type eap

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
[G]ap7131-4AA708(config-wlan-test)#
4 - 130 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.5 bridging-mode
wlan-mode commands
Configures how packets are bridged to and from a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
bridging-mode [local|tunnel]
Parameters
bridging-mode [local|tunnel]

bridging-mode Configures how packets are bridged to and from a WLAN. The options are local and tunnel.
local Bridges packets between WLAN and local ethernet ports.This is the default mode.
tunnel Tunnels packets to other devices (typically a wireless controller).

Examples
[G]ap7131-4AA708(config-wlan-test)#bridging-mode local
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 131

4.1.39.2.6 broadcast-dhcp
wlan-mode commands
Configures the broadcast DHCP packet handling parameters
Supported in the following platforms:
Access Points AP71XX
Syntax
broadcast-dhcp validate-offer
Parameters
broadcast-dhcp validate-offer

validate-offer Validates the broadcast DHCP packet destination (a wireless client associated to the radio) before
forwarding over the air
Examples
[G]ap7131-4AA708(config-wlan-test)#broadcast-dhcp validate-offer

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
4 - 132 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.7 broadcast-ssid
wlan-mode commands
Advertises the WLAN SSID in beacons
Supported in the following platforms:
Access Points AP71XX
Syntax
broadcast-ssid
Parameters
None
Examples
[G]ap7131-4AA708(config-wlan-1)#broadcast-ssid
[G]ap7131-4AA708(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 133

4.1.39.2.8 captive-portal-enforcement
wlan-mode commands
Configures the WLANs captive portal enforcement
Supported in the following platforms:
Access Points AP71XX
Syntax
captive-portal-enforcement {fall-back}
Parameters
captive-portal-enforcement {fall-back}

captive-portal- Enables captive portal enforcement on a WLAN


enforcement
fall-back Optional. Enforces captive portal validation if WLAN authentication fails (applicable to EAP or
MAC authentication only)
Examples
[G]ap7131-4AA708(config-wlan-test)#captive-portal-enforcement fall-back

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
4 - 134 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.9 client-access
wlan-mode commands
Enables WLAN client access (for normal data operations)
Supported in the following platforms:
Access Points AP71XX
Syntax
client-access
Parameters
None
Examples
[G]ap7131-4AA708(config-wlan-1)#client-access
[G]ap7131-4AA708(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 135

4.1.39.2.10 client-client-communication
wlan-mode commands
Allows frame switching from one client to another on a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
client-client-communication
Parameters
None
Examples
[G]ap7131-4AA708(config-wlan-1)#client-client-communication
[G]ap7131-4AA708(config-wlan-1)#
4 - 136 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.11 client-load-balancing
wlan-mode commands
Configures client load balancing on a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
client-load-balancing {allow-single-band-clients|band-discovery-intvl|
capability-ageout-time|max-probe-req|probe-req-invl}

client-load-balancing {allow-single-band-clients [2.4Ghz|5Ghz]|


band-discovery-intvl <0-10000>|capability-ageout-time <0-10000>}

client-load-balancing {max-probe-req|probe-req-intvl} [2.4Ghz|5Ghz] <0-10000>


Parameters
client-load-balancing {allow-single-band-clients [2.4Ghz|5Ghz]|
band-discovery-intvl <0-10000>|capability-ageout-time <0-10000>}

client-load-balancing Configures client load balancing on a WLAN


allow-single-band- Optional. Allows single band clients to associate even during load balancing
clients [2.4GHz|5GHz] 2.4GHz Enables load balancing across 2.4GHz channels
5GHz Enables load balancing across 5GHz channels
band-discovery-intvl Optional. Configures time interval to discover a client's band capability before associating it
<0-10000> <0-10000> Specify a value from 0 - 10000 seconds.
capability-ageout-time Optional. Configures a client's capability ageout interval
<0-10000> <0-10000> Specify a value from 0 - 10000 seconds.

client-load-balancing {max-probe-req|probe-req-intvl} [2.4Ghz|5Ghz] <0-10000>

client-load-balancing Configures load balancing of clients on a WLAN


max-probe-req Optional. Configures client probe request interval limits for association
[2.4GHz|5GHz] 2.4GHz Configures maximum client probe requests on 2.4GHz radios
<0-10000>
5GHz Configures maximum client probe requests on 5GHz radios
<0-10000> Specify a client probe request threshold from 0 - 100000.
probe-req-intvl Optional. Configures client probe request interval limits for association
2.4GHz|5GHz] 2.4GHz Configures client probe request interval on 2.4GHz radios
<0-10000>
5GHz Configures client probe request interval on 5GHz radios
<0-10000> Specify a value from 0 - 100000.
GLOBAL CONFIGURATION COMMANDS 4 - 137

Examples
[G]ap7131-4AA708(config-wlan-test)#client-load-balancing band-discovery-intvl 2

[G]ap7131-4AA708(config-wlan-test)#client-load-balancing probe-req-intvl 5ghz 5

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
4 - 138 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.12 data-rates
wlan-mode commands
Specifies the 802.11 rates supported on a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
data-rates [2.4GHz|5GHz]

data-rates 2.4GHz [b-only|bg|bgn|custom|default|g-only|gn]

data-rates 2.4GHz custom [1|11|12|18|2|24|36|48|5.5|54|6|9|basic-1|basic-11|


basic-12|basic-18|basci-2|basic-24|basic-36|basic-48|basic-5.5|basic-54|
basic-6|basic-9|basic-mcs0-7|mcs0-15|mcs0-7|mcs8-15]

data-rates 5GHz [a-only|an|custom|default]

data-rates 5GHz custom [12|18|24|36|48|54|6|9|basic-1|basi-11|


basic-12|basic-18|basic-2|basic-24|basic-36|basic-48|basic-5.5|basic-54|
basic-6|basic-9|basic-mcs0-7|mcs0-15|mcs0-7|mcs8-15]
Parameters
data-rates 2.4GHz [b-only|bg|bgn|default|g-only|gn]

data-rates Specifies the 802.11 rates supported when mapped to a 2.4GHz radio
b-only Uses rates that support only 11b clients
bg Uses rates that support both 11b and 11g clients
bgn Uses rates that support 11b, 11g and 11n clients
default Uses the default rates configured for a 2.4GHz radio
g-only Uses rates that support operation in the 11g only mode
gn Uses rates that support 11g and 11n clients

data-rates 5GHz [a-only|an|default]

data-rates Specifies the 802.11 rates supported when mapped to a 5GHz radio
a-only Uses rates that support operation in 11a only
an Uses rates that support 11a and 11n clients
default Uses default rates configured for a 5GHz
data-rates [2.4GHz|5GHz] custom [1|11|12|18|2|24|36|48|5.5|54|6|9|basic-1|basic-11|
basic-12|basic-18|basic-2|basic-24|basic-36|basic-48|basic-5.5|basic-54|basic-6|
basic-9|basic-mcs0-7|mcs0-15|mcs0-7|mcs8-15]

data-rates Specifies the 802.11 rates supported when mapped to a 2.4GHz or 5GHz radio
[2.4GHz|5GHz]
custom Configures a data rates list by specifying each rate individually. Use 'basic-' prefix before a rate
to indicate it is used as a basic rate (For example, 'data-rates custom basic-1 basic-2 5.5 11').
The data-rates for 2.4GHz and 5GHz channels are the same with a few exceptions. The 2.4GHz
channel has a few extra data rates: 1, 11, 2, and 5.5.
GLOBAL CONFIGURATION COMMANDS 4 - 139

1,11,2,5.5 The following data rates are specific to the 2.4GHz channel:
1 1-Mbps
11 11-Mbps
2 2-Mbps
5.5 5.5-Mbps
12,18,24,36,48,54,6,9, The following data rates are common to both the 2.4Ghz and 5GHz channels:
basic-1,basic-11, 12 12 Mbps
basic-12,basic-18,
18 18-Mbps
basic-2,
basic-36,basic-48, 24 24 Mbps
basic-5.5, 36 36-Mbps
basic-54,basic-6, 48 48-Mbps
basic-9, 54 54-Mbps
basic-mcs0-7,mcs0-15,
mcs0-7,mcs8-15 6 6-Mbps
9 9-Mbps
basic-1 basic 1-Mbps
basic-11 basic 11-Mbps
basic-12 basic 12-Mbps
basic-18 basic 18-Mbps
basic-2 basic 2-Mbps
basic-36 basic 36-Mbps
basic-48 basic 48-Mbps
basic-5.5 basic 5.5-Mbps
basic-54 basic 54-Mbps
basic-6 basic 6-Mbps
basic-9 basic 9-Mbps
basic-mcs0-7 Modulation and coding scheme 0-7 as a basic rate
mcs0-15 Modulation and coding scheme 0-15
mcs0-7 Modulation and coding scheme 0-7
mcs8-15 Modulation and coding scheme 8-15
4 - 140 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
[G]ap7131-4AA708(config-wlan-test)#data-rates 2.4GHz gn

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 141

4.1.39.2.13 description
wlan-mode commands
Defines the WLAN description
Supported in the following platforms:
Access Points AP71XX
Syntax
description <LINE>
Parameters
description <LINE>

<LINE> Specify a WLAN description


Examples
[G]ap7131-4AA708(config-wlan-test)#description TestWLAN
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
4 - 142 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.14 encryption-type
wlan-mode commands
Sets a WLANs encryption type
Supported in the following platforms:
Access Points AP71XX
Syntax
encryption-type ccmp
Parameters
encryption-type ccmp

encryption-type Configures the WLANs data encryption parameters


ccmp Configures Advanced Encryption Standard (AES) Counter Mode CBC-MAC Protocol
(AES-CCM/CCMP)
Examples
[G]ap7131-139B34(config-wlan-1)#encryption-type ccmp
[G]ap7131-139B34(config-wlan-1)#show context
Warning: This will display secure information. Do you want to proceed? (y/n): y
wlan 1
description TEST
ssid 1
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type psk
accounting syslog host 1
client-load-balancing
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 10 blacklist 0
[G]ap7131-139B34(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 143

4.1.39.2.15 eap-types
wlan-mode commands
Configures client access based on eap-type used for authentication
Supported in the following platforms:
Access Points AP71XX
Syntax
eap-types [allow|deny]
eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls]
{aka|all|fast|peap|sim|tls|ttls}
Parameters
eap-types [allow|deny] [aka|all|fast|peap|sim|tls|ttls] {aka|all|fast|peap|sim|tls|ttls}

eap-type Configures client access based on eap-type usedfor authentication


[allow|deny] Configures the list of EAP types that are allowed/denied on this wlan. The eap-types include:
aka EAP-AKA and EAP-AKA
all All EAP types
fast EAP-FAST
peap EAP-PEAP
sim EAP-SIM
tls EAP-TLS
ttls EAP-TTLS
Examples
[G]ap7131-139B34(config-wlan-1)#eap-types deny ttls
[G]ap7131-139B34(config-wlan-1)#
4 - 144 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.16 enforce-dhcp
wlan-mode commands
Drops packets from clients with a static IP address
Supported in the following platforms:
Access Points AP71XX
Syntax
enforce-dhcp
Parameters
None
Examples
[G]ap7131-4AA708(config-wlan-test)#enforce-dhcp

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
acl exceed-rate wireless-client-denied-traffic 20 disassociate
enforce-dhcp
broadcast-dhcp validate-offer
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 145

4.1.39.2.17 http-analyze
wlan-mode commands
Enables HTTP URL analysis on the WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
http-analyze [controller|filter|forward|syslog]

http-analyze filter [images|strip-query-string]

http-analyze syslog host <IP/HOSTNAME> {port <1-65535>} {proxy-mode [none|


through-controller|through-rf-domain-manager]}
Parameters
http-analyze [controller|forward]

controller Forwards client and URL information to the wireless controller through the adopted AP
forward Forwards URL and data to the wireless controller the AP is adopted to

http-analyze filter [images|strip-query-string]

filter Filters URLs, based on the parameters set, before forwarding them
images Filters out URLs referring to images
strip-query-string Strips query strings from URLs before forwarding them

http-analyze syslog host <IP/HOSTNAME> {port <1-65535>} {proxy-mode [none|


through-controller|through-rf-domain-manager]}

syslog Forwards client and URL information to a syslog server


host <IP/HOSTNAME> host <IP/HOSTNAME> Specify the syslog servers IP address or hostname
port <1-65535> Optional. Specifies the UDP port to connect to the syslog server from 1 - 65535
proxy-mode Optional. Specifies if the request is to be proxied through another device
[none| none Requests are sent directly to syslog server from device
through-controller|
through-controller Proxies requests through the wireless controller configuring the device
through-rf-domain-
manager] through-rf-domain-manager Proxies the requests through the local RF Domain manager

Examples
[G]ap7131-4AA708(config-wlan-test)#http-analyze controller

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
......................................................
enforce-dhcp
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
4 - 146 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.18 ip
wlan-mode commands
Configures Internet Protocol (IP) settings
Supported in the following platforms:
Access Points AP71XX
Syntax
ip [arp|dhcp]

ip arp [header-mismatch-validation|trust]

ip dhcp trust
Parameters
ip arp [header-mismatch-validation|trust]

ip arp Configures the IP settings for ARP packets


header-mismatch- Verifies mismatch of source MAC address in the ARP and Ethernet headers
validation
trust Sets ARP responses as trusted for a WLAN/range

ip dhcp trust

ip dhcp Configures the IP settings for DHCP packets


trust Sets DHCP responses as trusted for a WLAN/range
Examples
[G]ap7131-4AA708(config-wlan-test)#ip dhcp trust
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
ip dhcp trust
acl exceed-rate wireless-client-denied-traffic 20 disassociate
enforce-dhcp
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 147

4.1.39.2.19 mac-registration
wlan-mode commands
Enables dynamic MAC registration of user

NOTE: This feature is supported only if MAC authentication is enabled. To enable MAC
authentication use the authentication-type > mac command in the WLAN config mode.

Supported in the following platforms:


Access Points AP71XX
Syntax
mac-registration [extrenal|group-name]
mac-registration external host <IP/HOSYTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager]}
mac-registration group-name <GROUP-NAME> {expiry-time <1-1500>}
Parameters
mac-registration external host <IP/HOSYTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager]}]

mac-registration Enables dynamic MAC registration of user


external Forwards MAC registration user information to external wireless controller
host <IP/HOSTNAME> Specifies the external wireless controllers IP address or hostname
proxy-mode Optional. Specifies the mode of forwarding (proxying) request to external wireless controller)
{none| none Requests are sent directly to the wireless controller from device
through-controller|
through-controller Requests are proxied through the wireless controller configuring the
through-rf-domain}
device
through-rf-domain Requests are proxied through the local RF Domain Manager

mac-registration group-name <GROUP-NAME> {expiry-time <1-1500>}]

mac-registration Enables dynamic MAC registration of user


group-name Specifies the group to which the mac registered user should be added
<GROUP-NAME> <GROUP-NAME> Specify the group name.
expiry-time <1-1500> Optional. Specifies the user expiry time in days from 1 - 15000
Examples
[G]ap7131-4AA708(config-wlan-1)#mac-registration group-name test expiry-time 100
[G]ap7131-4AA708(config-wlan-1)#mac-registration external host 172.16.10.8 proxy-mode
through-controller
[G]ap7131-4AA708(config-wlan-1)#show context
wlan 1
ssid 1
bridging-mode tunnel
encryption-type ccmp
authentication-type mac
mac-registration group-name test expiry-time 100
mac-registration external host 172.16.10.8 proxy-mode through-controller
[G]ap7131-4AA708(config-wlan-1)#
4 - 148 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.20 motorola-extensions
wlan-mode commands
Enables support for Motorola Solutions specific extensions to 802.11
Supported in the following platforms:
Access Points AP71XX
Syntax
motorola-extensions [move-command|smart-scan|symbol-load-information|
wmm-load-information]
Parameters
motorola-extensions [move-command|smart-scan|symbol-load-information|
wmm-load-information]

motorola-extensions Enables support for Motorola Solutions specific extensions to 802.11


move-command Enables support for Motorola Solutions move (fast roaming) feature
smart-scan Enables support for smart scanning feature
symbol-load-information Enables support for the Symbol Technologies load information element (Element ID 173)
wmm-load-information Enables support for the Motorola Solutions WMM load information element
Examples
[G]ap7131-4AA708(config-wlan-test)#motorola-extensions wmm-load-information
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
ip dhcp trust
acl exceed-rate wireless-client-denied-traffic 20 disassociate
enforce-dhcp
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 149

4.1.39.2.21 no
wlan-mode commands
Negates WLAN mode commands and reverts values to their default
Supported in the following platforms:
Access Points AP71XX
Syntax
no <PARAMETER>
Parameters
None
Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with the
command getting negated.
Examples
[G]ap7131-4AA708(config-wlan-test)#no ?
accounting Configure how accounting records are created
for this wlan
acl Actions taken based on ACL configuration [
packet drop being one of them]
answer-broadcast-probes Do not Include this wlan when responding to
probe requests that do not specify an SSID
broadcast-dhcp Configure broadcast DHCP packet handling
broadcast-ssid Do not advertise the SSID of the WLAN in
beacons
captive-portal-enforcement Configure how captive-portal is enforced on the
wlan
client-access Disallow client access on this wlan (no data
operations)
client-client-communication Disallow switching of frames from one wireless
client to another on this wlan
client-load-balancing Disable load-balancing of clients on this wlan
data-rates Reset data rate configuration to default
description Reset the description of the wlan
eap-types Allow all EAP types on this wlan

enforce-dhcp Drop packets from Wireless Clients with static


IP address
http-analyze Enable HTTP URL analysis on the wlan
ip Internet Protocol (IP)

mac-registration Dynamic MAC registration of user


motorola-extensions Disable support for Motorola-Specific
extensions to 802.11
protected-mgmt-frames Disable support for Protected Management Frames
(IEEE 802.11w)
proxy-arp-mode Configure handling of ARP requests with
proxy-arp is enabled
radius Configure RADIUS related parameters
shutdown Enable the use of this wlan
ssid Configure ssid
time-based-access Reset time-based-access parameters to default
use Set setting to use
vlan Map the default vlan (vlan-id 1) to the wlan
vlan-pool-member Delete a mapped vlan from this wlan
wireless-client Configure wireless-client specific parameters
wpa-wpa2 Modify tkip-ccmp (wpa/wpa2) related parameters

service Service Commands


[G]ap7131-4AA708(config-wlan-test)#
4 - 150 WiNG 5.4 FIPS Access Point CLI Reference Guide

The test settings before execution of the no command:

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
description TestWLAN
ssid test
bridging-mode local
encryption-type ccmp
authentication-type eap
accounting syslog host 172.16.10.4 port 2
data-rates 2.4GHz gn
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
captive-portal-enforcement fall-back
ip dhcp trust
acl exceed-rate wireless-client-denied-traffic 20 disassociate
enforce-dhcp
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#

[G]ap7131-4AA708(config-wlan-test)#no accounting syslog

[G]ap7131-4AA708(config-wlan-test)#no description

[G]ap7131-4AA708(config-wlan-test)#no authentication-type

[G]ap7131-4AA708(config-wlan-test)#no encryption-type

[G]ap7131-4AA708(config-wlan-test)#no enforce-dhcp
[G]ap7131-4AA708(config-wlan-test)#no data-rates 2.4GHz

[G]ap7131-4AA708(config-wlan-test)#no ip dhcp trust

[G]ap7131-4AA708(config-wlan-test)#no captive-portal-enforcement
The test settings after the execution of the no command:

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type none
authentication-type none
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 151

4.1.39.2.22 protected-mgmt-frames
wlan-mode commands
Configures Protected Management Frames (PMF) (IEEE 802.11w) related parameters
Supported in the following platforms:
Access Points AP71XX
Syntax
protected-mgmt-frames [mandatory|optional|sa-query]

protected-mgmt-frames sa-query [attempts <1-10>|timeout <100-1000>]


Parameters
protected-mgmt-frames [mandatory|optional]

mandatory Enforces PMF on this WLAN


optional Advertises support for PMF but enforces only for clients that indicate their support for it

protected-mgmt-frames sa-query [attempts <1-10>|timeout <100-1000>]

sa-query Configures security association (SA) query related parameters, such as number of attempts and
timeout period
attempts <1-10> Configures the number of times an SA query message is tried
<1-10> Specify a value from 1 - 10.
timeout <100-1000> Configures the wait time, in milliseconds, for a response to a SA query, before re-sending
<100-1000> Specify a value from 100 - 1000 milliseconds.
Examples
[G]ap7131-4AA708(config-wlan-test)#protected-mgmt-frames mandatory

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp authentication-type none
protected-mgmt-frames mandatory
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
4 - 152 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.23 proxy-arp-mode
wlan-mode commands
Enables proxy ARP mode for handling ARP requests
Supported in the following platforms:
Access Points AP71XX
Syntax
proxy-arp-mode [dynamic|strict]
Parameters
proxy-arp-mode [dynamic|strict]

proxy-arp-mode Enables proxy ARP mode for handling ARP requests. The options available are dynamic and strict.
dynamic Forwards ARP requests to the wireless side (for which a response could not be proxied)
strict Does not forward ARP requests to the wireless side
Examples
[G]ap7131-4AA708(config-wlan-test)#proxy-arp-mode strict

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 153

4.1.39.2.24 radius
wlan-mode commands
Configures RADIUS related parameters
Supported in the following platforms:
Access Points AP71XX
Syntax
radius [dynamic-authorization|nas-identifier|nas-port-id|vlan-assignment]

radius [dynamic-authorization|nas-identifier <NAS-ID>|nas-port-id <NAS-PORT-ID>|


vlan-assignment]
Parameters
radius [dynamic-authorization|nas-identifier <NAS-ID>|nas-port-id <NAS-PORT-ID>|
vlan-assignment]

dynamic-authorization Enables support for disconnect and change of authorization messages (RFC5176)
nas-identifier Configures the WLAN NAS identifier sent to the RADIUS server. The NAS identifier should not
<NAS-ID> exceed 256 characters.
nas-port-id Configures the WLAN NAS port ID sent to the RADIUS server. The NAS port identifier should not
<NAS-PORT-ID> exceed 256 characters.
vlan-assignment Configures the VLAN assignment of a WLAN
Examples
[G]ap7131-4AA708(config-wlan-test)#radius vlan-assignment
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
4 - 154 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.25 shutdown
wlan-mode commands
Shuts down a WLAN
Supported in the following platforms:
Access Points AP71XX
Syntax
shutdown {on-critical-resource|on-meshpoint-loss|on-primary-port-link-loss|
on-unadoption}
Parameters
shutdown {on-critical-resource|on-meshpoint-loss|on-primary-port-link-loss|
on-unadoption}

shutdown Shuts down the WLAN when specified events occur


on-critical-resource Optional. Shuts down the WLAN when critical resource failure occurs
on-meshpoint-loss Optional. Shuts down the WLAN when the root meshpoint link fails (is unreachable)
on-primary-port-link-loss Optional. Shuts down the WLAN when a device losses its primary Ethernet port (ge1/up1) link
on-unadoption Optional. Shuts down the WLAN when an adopted device becomes unadopted
Usage Guidelines
If the shutdown on-meshpoint-loss feature is enabled, the WLAN status changes only if the meshpoint and the WLAN are
mapped to the same VLAN. If the meshpoint is mapped to VLAN 1 and the WLAN is mapped to VLAN 2, then the WLAN status
does not change on loss of the meshpoint.
Examples
[G]ap7131-4AA708(config-wlan-test)#shutdown on-unadoption
[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
shutdown on-unadoption
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 155

4.1.39.2.26 ssid
wlan-mode commands
Configures a WLANs SSID
Supported in the following platforms:
Access Points AP71XX
Syntax
ssid <SSID>
Parameters
ssid <SSID>

<SSID> Specify the WLANs SSID. The WLAN SSID is case sensitive and alphanumeric. Its length should
not exceed 32 characters.
Examples
[G]ap7131-4AA708(config-wlan-test)#ssid testWLAN1

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
shutdown on-unadoption
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
4 - 156 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.27 time-based-access
wlan-mode commands
Configures time-based client access
Supported in the following platforms:
Access Points AP71XX
Syntax
time-based-access day [sunday|monday|tuesday|wednesday|thursday|friday|
saturday|all|weekends|weekdays] {start <START-TIME>} [end <END-TIME>]
Parameters
time-based-access day [sunday|monday|tuesday|wednesday|thursday|friday|
saturday|all|weekends|weekdays] {start <START-TIME>} [end <END-TIME>]

day <option> Specifies the day or days on which the client can access the WLAN
sunday Allows access on Sundays only
monday Allows access on Mondays only
Tuesdays Allows access on Tuesdays only
wednesday Allows access on Wednesdays only
thursday Allows access on Thursdays only
friday Allows access on Fridays only
saturday Allows access on Saturdays only
weekends Allows access on weekends only
weekdays Allows access on weekdays only
all Allows access on all days
start <START-TIME> Optional. Specifies the access start time in hours and minutes (HH:MM)
end <END-TIME> Specifies the access end time in hours and minutes (HH:MM)
Examples
[G]ap7131-4AA708(config-wlan-test)#time-based-access days weekdays start 10:00 end
16:30

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
time-based-access days weekdays start 10:00 end 16:30
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
shutdown on-unadoption
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 157

4.1.39.2.28 use
wlan-mode commands
This command associates an existing captive portal with a WLAN.
Supported in the following platforms:
Access Points AP71XX
Syntax
use [aaa-policy|association-acl-policy|captive-portal|ip-access-list|mac-access-list|
wlan-qos-policy]

use [aaa-policy <AAA-POLICY-NAME>|association-acl-policy <ASSOCIATION-POLICY-NAME>|


captive-portal <CAPTIVE-PORTAL-NAME>|wlan-qos-policy <WLAN-QOS-POLICY-NAME>]

use ip-access-list [in|out] <IP-ACCESS-LIST-NAME>

use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME>


Parameters
use [aaa-policy <AAA-POLICY-NAME>|association-acl-policy <ASSOCIATION-POLICY-NAME>|
captive-portal <CAPTIVE-PORTAL-NAME>|wlan-qos-policy <WLAN-QoS-POLICY-NAME>]

aaa-policy Uses an existing AAA policy with WLAN


<AAA-POLICY-NAME> <AAA-POLICY-NAME> Specify the AAA policy name.
association-acl Uses an existing association ACL policy with WLAN
<ASSOCIATION-POLICY- <ASSOCIATION-POLICY-NAME> Specify the association ACL policy name.
NAME>
captive-portal Enables WLANs captive portal authentication
<CAPTIVE-PORTAL- <CAPTIVE-PORTAL-NAME> Specify the captive portal name.
NAME>
wlan-qos-policy Uses an existing WLAN QoS policy with WLAN
<WLAN-QOS-POLICY- <wlan-qos-policy-name> Specify the WLAN QoS policy name.
NAME>
use ip-access-list [in|out] <IP-ACCESS-LIST-NAME>]

ip-access-list [in|out] Specifies the IP access list for incoming and outgoing packets
<IP-ACCESS-LIST- in Incoming packets
NAME>
out Outgoing packets
<IP-ACCESS-LIST-NAME> Specify the IP access list name.

use mac-access-list [in|out] <MAC-ACCESS-LIST-NAME>

mac-access-list [in|out] Specifies the MAC access list for incoming and outgoing packets.
<MAC-ACCESS-LIST- in Incoming packets
NAME>
out Outgoing packets
<MAC-ACCESS-LIST-NAME> Specify the MAC access list name.
4 - 158 WiNG 5.4 FIPS Access Point CLI Reference Guide

Examples
[G]ap7131-4AA708(config-wlan-test)#use aaa-policy test

[G]ap7131-4AA708(config-wlan-test)#use association-acl-policy test

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
time-based-access days weekdays start 10:00 end 16:30
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
use aaa-policy test
use association-acl-policy test
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
shutdown on-unadoption
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 159

4.1.39.2.29 vlan
wlan-mode commands
Sets the VLAN where traffic from a WLAN is mapped
Supported in the following platforms:
Access Points AP71XX
Syntax
vlan <1-4094>
Parameters
vlan <1-4094>

<1-4094> Sets a WLANs VLAN ID. This command starts a new VLAN assignment for a WLAN index. All
prior VLAN settings are erased.
Examples
[G]ap7131-4AA708(config-wlan-test)#vlan 4

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
vlan 4
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
time-based-access days weekdays start 10:00 end 16:30
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
use aaa-policy test
use association-acl-policy test
acl exceed-rate wireless-client-denied-traffic 20 disassociate
proxy-arp-mode strict
broadcast-dhcp validate-offer
shutdown on-unadoption
http-analyze controller
[G]ap7131-4AA708(config-wlan-test)#
4 - 160 WiNG 5.4 FIPS Access Point CLI Reference Guide

4.1.39.2.30 vlan-pool-member
wlan-mode commands
Adds a member VLAN to a WLANs VLAN pool

NOTE: Configuration of a VLAN pool overrides the 'vlan' configuration.

Supported in the following platforms:


Access Points AP71XX
Syntax
vlan-pool-member <WORD> {limit <0-8192>}
Parameters
vlan-pool-member <WORD> {limit <0-8192>}

vlan-pool-member Adds a member VLAN to a WLANs VLAN pool


<WORD> Defines the VLAN configuration. It is either a single index, or a list of VLAN IDs (for example,
1,3,7), or a range (for example, 1-10)
limit <0-8192> Optional. Is ignored if the number of clients are limited and well within the limits of the DHCP pool
on the VLAN
<0-8192> Specifies the number of users allowed
Examples
[G]ap7131-4AA708(config-wlan-test)#vlan-pool-member 1-10 limit 1

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
vlan-pool-member 1 limit 1
vlan-pool-member 2 limit 1
vlan-pool-member 3 limit 1
vlan-pool-member 4 limit 1
vlan-pool-member 5 limit 1
vlan-pool-member 6 limit 1
vlan-pool-member 7 limit 1
vlan-pool-member 8 limit 1
vlan-pool-member 9 limit 1
vlan-pool-member 10 limit 1
bridging-mode local
encryption-type ccmp
authentication-type none
protected-mgmt-frames mandatory
radius vlan-assignment
time-based-access days weekdays start 10:00 end 16:30
motorola-extensions wmm-load-information
client-load-balancing probe-req-intvl 5ghz 5
client-load-balancing band-discovery-intvl 2
use aaa-policy test
use association-acl-policy test
--More--
GLOBAL CONFIGURATION COMMANDS 4 - 161

4.1.39.2.31 wireless-client
wlan-mode commands
Configures the transmit power indicated to clients
Supported in the following platforms:
Access Points AP71XX
Syntax
wireless-client [count-per-radio|cred-cache-ageout|hold-time|inactivity-timeout|
max-firewall-sessions|reauthentication|roam-notification|tx-power|vlan-cache-out]

wireless-client [count-per-radio <0-256>|cred-cache-ageout <60-86400>|


hold-time <1-86400>|inactivity-timeout <60-86400>|max-firewall-sessions <10-10000>|
reauthentication <30-86400>|tx-power <0-20>|vlan-cache-out <60-86400>]

wireless-client roam-notification [after-association|after-data-ready|auto]


Parameters
wireless-client [count-per-radio <0-256>|cred-cache-ageout <60-86400>|
hold-time <1-86400>|inactivity-timeout <60-86400>|max-firewall-sessions <10-10000>|
reauthentication <30-86400>|tx-power <0-20>|vlan-cache-out <60-86400>]

wireless-client Configures the transmit power indicated to wireless clients for transmission
count-per-radio Configures the maximum number of clients allowed on this WLAN per radio
<0-256> <0-256> Specify a value from 0 - 256.
cred-cache-ageout Configures the timeout period for which client credentials (For example, encryption keys) are
<60-86400> cached across associations
<60-86400> Specify a value from 60 - 86400 seconds.
hold-time <1-86400> Configures the time period for which wireless client state information is cached post roaming
<1-86400> Specify a value from 1 - 86400 seconds.
inactivity-timeout Configures an inactivity timeout period in seconds. If a frame is not received from a wireless client
<60-86400> for this period of time, the client is disassociated.
<60-86400> Specify a value from 60 - 86400 seconds.
max-firewall-sessions Configures the maximum firewall sessions allowed per client on a WLAN
<10-10000> <10-10000> Specify the maximum number of firewall sessions allowed from
10 - 10000.
reauthentication Configures periodic reauthentication of associated clients
<30-86400> <30-86400> Specify the client reauthentication interval from 30 - 86400 seconds.
tx-power <0-20> Configures the transmit power indicated to clients
<0-20> Specify a value from 0 - 20 dBm.
vlan-cache-ageout Configures the timeout period for which client VLAN information is cached across associations.
<60-86400> <60-86400> Specify a value from 60 - 86400 seconds.

wireless-client roam-notification [after-association|after-data-ready|auto]

wireless-client Configures the transmit power indicated to wireless clients for transmission
roam-notification Configures when roam-notification is transmitted
4 - 162 WiNG 5.4 FIPS Access Point CLI Reference Guide

after-association Transmits roam notification after client has associated with wireless controller
after-data-ready Transmits roam notification after client is data-ready (after completion of authentication,
handshakes etc.)
auto Transmits roam notification on client association (if the client is known to have authenticated to
the network)
Examples
[G]ap7131-4AA708(config-wlan-test)#wireless-client cred-cache-ageout 65

[G]ap7131-4AA708(config-wlan-test)#wireless-client hold-time 200

[G]ap7131-4AA708(config-wlan-test)#wireless-client max-firewall-sessions 100

[G]ap7131-4AA708(config-wlan-test)#wireless-client reauthentication 35
[G]ap7131-4AA708(config-wlan-test)#wireless-client tx-power 12

[G]ap7131-4AA708(config-wlan-test)#show context
wlan test
ssid testWLAN1
vlan-pool-member 1 limit 1
vlan-pool-member 2 limit 1
vlan-pool-member 3 limit 1
vlan-pool-member 4 limit 1
vlan-pool-member 5 limit 1
vlan-pool-member 6 limit 1
vlan-pool-member 7 limit 1
vlan-pool-member 8 limit 1
vlan-pool-member 9 limit 1
vlan-pool-member 10 limit 1
bridging-mode local
encryption-type ccmp
authentication-type none
wireless-client hold-time 200
wireless-client cred-cache-ageout 65
wireless-client max-firewall-sessions 100
protected-mgmt-frames mandatory
wireless-client reauthentication 35
radius vlan-assignment
time-based-access days weekdays start 10:00 end 16:30
motorola-extensions wmm-load-information
wireless-client tx-power 12
client-load-balancing probe-req-intvl 5ghz 5
--More--
[G]ap7131-4AA708(config-wlan-test)#
GLOBAL CONFIGURATION COMMANDS 4 - 163

4.1.39.2.32 wpa-wpa2
wlan-mode commands
Modifies CCMP (WPA/WPA2) related parameters
Supported in the following platforms:
Access Points AP71XX
Syntax
wpa-wpa2 [handshake|key-rotation|opp-pmk-caching|
pmk-caching|preauthentication|psk|use-sha256-akm]

wpa-wpa2 [opp-pmk-caching|pmk-caching|preauthentication|
use-sha256-akm]

wpa-wpa2 handshake [attempts|init-wait|priority|timeout]


wpa-wpa2 handshake [attempts <1-5>|init-wait <5-1000000>|priority [high|normal]|
timeout <10-5000> {10-5000}]

wpa-wpa2 key-rotation [broadcast|unicast] <30-86400>


wpa-wpa2 psk [0 <LINE>|2 <LINE>|<LINE>]

Parameters
wpa-wpa2 [opp-pmk-caching|pmk-caching|preauthentication|use-sha256-akm]

wpa-wpa2 Modifies CCMP (WPA/WPA2) related parameters


opp-pmk-caching Uses opportunistic key caching (same Pairwise Master Key (PMK) across APs for fast roaming with
EAP.802.1x).
pmk-caching Uses cached pair-wise master keys (fast roaming with eap/802.1x)
preauthentication Uses pre-authentication mode (WPA2 fast roaming)
use-sha256-akm Uses sha256 authentication key management suite

wpa-wpa2 handshake [attempts <1-5>|init-wait <5-1000000>|priority [high|normal]|


timeout <10-5000> {10-5000}]

wpa-wpa2 Modifies CCMP (WPA/WPA2) related parameters


handshake Configures WPA/WPA2 handshake parameters
attempts <1-5> Configures the total number of times a message is transmitted towards a non-responsive client
<1-5> Specify a value from 1 - 5.
init-wait Configures a minimum wait-time period before the first handshake message is transmitted from
<5-1000000> the AP
<5-1000000> Specify a value from 5 - 1000000 microseconds.
4 - 164 WiNG 5.4 FIPS Access Point CLI Reference Guide

priority [high|normal] Configures the relative priority of handshake messages compared to other data traffic
high Treats handshake messages as high priority packets on a radio
normal Treats handshake messages as normal priority packets on a radio
timeout <10-5000> Configures the timeout period for a handshake message to retire. Once this timeout period is over,
<10-5000> the handshake message is retired.
<10-5000> Specify a value from 10 - 5000 milliseconds.
<10-5000> Optional. Configures a different timeout between the second and third attempts

wpa-wpa2 key-rotation [broadcast|unicast] <30-86400>

wpa-wpa2 Modifies CCMP (WPA/WPA2) related parameters


key-rotation Configures parameters related to periodic rotation of encryption keys. The parameters are periodic
rotation of keys for broadcast, multicast, and unicast traffic.
broadcast Configures the periodic rotation of keys used for broadcast and multicast traffic. This parameter
<30-86400> specifies the interval at which keys are rotated
<30-86400> Specify a value from 30 - 86400 seconds.
unicast <30-86400> Configures a periodic interval for the rotation of keys, used for unicast traffic
<30-86400> Specify a value from 30 - 86400 seconds.

wpa-wpa2 psk [0 <LINE>|2 <LINE>|<LINE>]

wpa-wpa2 Modifies CCMP (WPA/WPA2) related parameters


psk Configures a pre-shared key. The key options are: 0, 2, and LINE
0 <LINE> Configures a clear text key
2 <LINE> Configures an encrypted key
<LINE> Enter the pre-shared key either as a passphrase not exceeding 8 - 63 characters, or as a 64
character (256bit) hexadecimal value
Examples
[G]ap7131-139B34(config-wlan-1)#wpa-wpa2 handshake attempts 1
[G]ap7131-139B34(config-wlan-1)#
GLOBAL CONFIGURATION COMMANDS 4 - 165

4.1.40 wlan-qos-policy
Global Configuration Commands
Configures a WLAN QoS policy
Supported in the following platforms:
Access Points AP71XX
Syntax
wlan-qos-policy <WLAN-QOS-POLICY-NAME>
Parameters
wlan-qos-policy <WLAN-QOS-POLICY-NAME>

<WLAN-QOS-POLICY- Specify the WLAN QoS policy name. If the policy does not exist, it is created.
NAME>
Examples
[G]ap7131-4AA708(config)#wlan-qos-policy test
[G]ap7131-4AA708(config-wlan-qos-test)#?
WLAN QoS Mode commands:
accelerated-multicast Configure accelerated multicast streams address and
forwarding QoS classification
classification Select how traffic on this WLAN must be classified
(relative prioritization on the radio)
multicast-mask Egress multicast mask (frames that match bypass the
PSPqueue. This permits intercom mode operation
without delay even in the presence of PSP clients)
no Negate a command or set its defaults
qos Quality of service
rate-limit Configure traffic rate-limiting parameters on a
per-wlan/per-client basis
svp-prioritization Enable spectralink voice protocol support on this
wlan
voice-prioritization Prioritize voice client over other client (for
non-WMM clients)
wmm Configure 802.11e/Wireless MultiMedia parameters

clrscr Clears the display screen


commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal

[G]ap7131-4AA708(config-wlan-qos-test)#

NOTE: For more information on WLAN QoS policy commands, see Chapter 21, WLAN-
QOS-POLICY.

Related Commands

no Removes an existing WLAN QoS Policy


4 - 166 WiNG 5.4 FIPS Access Point CLI Reference Guide
CHAPTER 5
COMMON COMMANDS
This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes.
The PRIV EXEC command set contains commands available within the USER EXEC mode. Some commands can be entered in
either mode. Commands entered in either the USER EXEC or PRIV EXEC mode are referred to as EXEC mode commands. If a
user or privilege is not specified, the referenced command can be entered in either mode.
5-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1 Common Commands


Table 5.1 summarizes commands common to the User Exec, Priv Exec, and Global Config modes.
Table 5.1 Commands Common to Access Point CLI Modes

Command Description Reference


clrscr Clears the display screen page 5-3
commit Commits (saves) changes made in the current session page 5-4
exit Ends and exits the current mode and moves to the PRIV EXEC mode page 5-5
help Displays the interactive help system page 5-6
no Negates a command or reverts values to their default settings page 5-10
revert Reverts changes to their last saved configuration page 5-12
service Invokes service commands to troubleshoot or debug (config-if) instance page 5-13
configurations
show Displays running system information page 5-31
write Writes the systems running configuration to memory or terminal page 5-33
COMMON COMMANDS 5-3

5.1.1 clrscr
Common Commands
Clears the screen and refreshes the prompt, irrespective of the mode you are in
Supported in the following platforms:
Access Points AP71XX
Syntax
clrscr
Parameters
None
Examples
The terminal window or screen before the clrscr command is executed:
[G]ap7131-4AA708#ap-upgrade ?
DEVICE-NAME Name/MAC address of AP
all Upgrade all access points
ap621 Upgrade an AP621 device
ap622 Upgrade an AP622 device
ap650 Upgrade an AP650 device
ap6511 Upgrade an AP6511 device
ap6521 Upgrade an AP6521 device
ap6522 Upgrade an AP6522 device
ap6532 Upgrade an AP6532 device
ap71xx Upgrade an AP71XX device
cancel-upgrade Cancel upgrading the AP
load-image Load the AP images to controller for ap-upgrades
rf-domain Upgrade all access points belonging to an RF Domain

[G]ap7131-4AA708#ap-upgrade

The terminal window or screen after the clrscr command is executed:


[G]ap7131-4AA708#
5-4 WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1.2 commit
Common Commands
Commits changes made in the active session. Use the commit command to save and invoke settings entered during the current
transaction.
Supported in the following platforms:
Access Points AP71XX
Syntax
commit {write}{memory}
Parameters
commit {write}{memory}

write Optional. If a commit succeeds, the configuration is written to memory


memory Optional. Writes to memory
Examples
[G]ap7131-4AA708#commit write memory
[OK]
[G]ap7131-4AA708#
COMMON COMMANDS 5-5

5.1.3 exit
Common Commands
The exit command works differently in the User Exec, Priv Exec, and Global Config modes. In the Global Config mode, it ends
the current mode and moves to the previous mode, which is Priv Exec mode. The prompt changes from (config)# to #.
When used in the Priv Exec and User Exec modes, the exit command ends the current session, and connection to the terminal
device is terminated. If the current session has changes that have not been committed, the system will prompt you to either do
a commit or a revert before terminating the session.
Supported in the following platforms:
Access Points AP71XX
Syntax
exit
Parameters
None
Examples
[G]ap7131-4AA708(config)#exit
[G]ap7131-4AA708#
5-6 WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1.4 help
Common Commands
Describes the interactive help system
Use this command to access the advanced help feature. Use ? anytime at the command prompt to access the help topic
Two kinds of help are provided:
Full help is available when ready to enter a command argument
Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input
(for example 'show ve?').
Supported in the following platforms:
Access Points AP71XX
Syntax
help {search|show}

help {show configuration-tree}

help {search <WORD>} {detailed|only-show|skip-no|skip-show}

NOTE: The show configuration-tree option is not available in the Global Config mode.

Parameters
help {show configuration-tree}

show configuration-tree Optional. Displays the running system information


configuration-tree Displays relationship amongst configuration objects
help {search <WORD>} {detailed|only-show|skip-no|skip-show}

search <WORD> Optional. Searches for CLI commands related to a specific target term
<WORD> Specify a target term (for example, a feature, or configuration parameter). After
specifying the term, select one of the following options: detailed, only-show, skip-no, or
skip-show. The system displays information based on the option selected.
detailed Optional. Searches and displays help strings in addition to mode and commands
only-show Optional. Displays only show commands. Does not display configuration commands
skip-no Optional. Displays only configuration commands. Does not display no commands
skip-show Optional. Displays only configuration commands. Does not display show commands
COMMON COMMANDS 5-7

Examples
[G]ap7131-4AA708>help search crypto detailed
Found 29 references for crypto
Found 113 references for crypto

Mode : User Exec


Command : show crypto key rsa (|public-key-detail) (|(on DEVICE-NAME))
\ Show running system information
\ Encryption related commands
\ Key management operations
\ Show RSA public Keys
\ Show the public key in PEM format
\ On AP/Controller
\ AP / Controller name

: show crypto pki trustpoints (WORD|all|)(|(on DEVICE-NAME))


\ Show running system information
\ Encryption related commands
\ Public Key Infrastructure related commands
\ Display the configured trustpoints
\ Display a particular trustpoint's details
\ Display details for all trustpoints
\ On AP/Controller
\ AP / Controller name

: show crypto isakmp sa (|(on DEVICE-NAME))


\ Show running system information
\ Encryption Module
\ Show ISAKMP related statistics
\ Show all ISAKMP Security Associations
\ On AP/Controller
\ AP / Controller name

: show crypto ipsec sa (|(on DEVICE-NAME))


\ Show running system information
\ Encryption Module
\ Show IPSec related statistics
\ IPSec security association
\ On AP/Controller
\ AP / Controller name
: crypto key generate rsa WORD <1024-2048> (|(on DEVICE-NAME))
\ Encryption related commands
\ Key management operations
\ Generate a keypair
\ Generate a RSA keypair
\ Keypair name
....................................................................................
[G]ap7131-4AA708>
5-8 WiNG 5.4 FIPS Access Point CLI Reference Guide

[G]ap7131-4AA708>help show configuration-tree

## ACCESS-POINT / SWITCH ## ---+


|
+--> [[ RF-DOMAIN ]]
|
+--> [[ PROFILE ]]
|
+--> Device specific parameters (license, serial number,
hostname)
|
+--> Configuration Overrides of rf-domain and profile

## RF-DOMAIN ## ---+
|
+--> RF parameters, WIPS server parameters
|
+--> [[ SMART-RF-POLICY ]]
|
+--> [[ WIPS POLICY ]]
## PROFILE ## ---+
|
+--> Physical interface (interface GE,ME,UP etc)
| |
| +--> [[ RATE-LIMIT-TRUST-POLICY ]]
|
+--> Vlan interface (interface VLAN1/VLAN36 etc)
|
+--> Radio interface (interface RADIO1, RADIO2 etc)
| |
| +--> Radio specific Configuration
| |
| +--> [[ RADIO-QOS-POLICY ]]
| |
| +--> [[ ASSOC-ACL-POLICY ]]
| |
| +--> [[ WLAN ]]
|
+--> [[ ]]
|
+--> [[ DHCP-SERVER-POLICY ]]
|
+--> [[ FIREWALL-POLICY ]]
|
+--> [[ NAT-POLICY ]]
....................................................................................
[G]ap7131-4AA708>

[G]ap7131-4AA708>help search clrscr only-show


found no commands containing "clrscr"
[G]ap7131-4AA708>

[G]ap7131-139B34>help search service skip-show


found more than 64 references, showing the first 64

Context : Command
Command : service show cli
: service show configuration-revision
: service show mac-vendor WORD
: service show snmp session
: service show fib (table-id <0-255>|)
: service show wireless stats-client diag (|DEVICE-NAME) (|(on DEV...
: service show wireless reference dot11 (reason-codes|status-codes...
: service show wireless reference dot11 frame
: service show wireless reference dot11 mcs-rates
: service show wireless reference dot11 handshake (wpa-wpa2-person...
: service show wireless meshpoint neighbor proc (info|stats) (|AA-...
: service show wireless credential-cache(|(on DEVICE-NAME))
: service show wireless dns-cache(|(on DEVICE-NAME))
COMMON COMMANDS 5-9

: service show wireless aaa-stats(|(on DEVICE-NAME))


: service show wireless vlan-usage (|(on DEVICE-NAME))
: service show wireless config-internal
: service show wireless log-internal
: service show wireless neighbors
: service show wireless client proc (info|stats) (|AA-BB-CC-DD-EE-...
: service show rf-domain-manager diag (|DEVICE-NAME) (|(on DEVICE-...
: service show noc diag
: service show captive-portal user-cache(|(on DEVICE-NAME))
: service show captive-portal servers(|(on DEVICE-NAME))
: service show diag stats(|(on DEVICE-NAME))
: service show diag led-status(|(on DEVICE-NAME))
: service show process(|(on DEVICE-NAME))
: service show mem(|(on DEVICE-NAME))
: service show top(|(on DEVICE-NAME))
: service show info(|(on DEVICE-NAME))
: service show startup-log(|(on DEVICE-NAME))
: service show pm(|(on DEVICE-NAME))
: service show pm history (|(on DEVICE-NAME))
: service show watchdog(|(on DEVICE-NAME))
: service show sysinfo(|(on DEVICE-NAME))
: service show dhcp-lease (|`WORD|wwan1|pppoe1|vlan <1-4094>')(|(o...
: service show crash-info (|(on DEVICE-NAME))
: service show reboot-history(|(on DEVICE-NAME))
: service show upgrade-history(|(on DEVICE-NAME))
: service show command-history(|(on DEVICE-NAME))
: service show xpath-history
: service show mint adopted-devices(|(on DEVICE-NAME))
: service force-send-config(|(on DEVICE-OR-DOMAIN-NAME))
: service delete-offline-aps (all|(offline-for days <0-999> (time ...
: service cli-tables-skin (none|minimal|thin|thick|stars|hashes|pe...
: service clear xpath requests (|<1-100000>)
: service clear ap-upgrade history (|(on DOMAIN-NAME))
: service clear captive-portal-page-upload history (|(on DOMAIN-NA...
: service clear wireless ap statistics (|(AA-BB-CC-DD-EE-FF)) (|(o...
: service clear wireless client statistics (|AA-BB-CC-DD-EE-FF) (|...
--More--
[G]ap7131-4AA708>

[G]ap7131-4AA708>help search mint only-show


Found 8 references for "mint"
Mode : User Exec
Command : show mint neighbors (|details)(|(on DEVICE-NAME))
: show mint links (|details)(|(on DEVICE-NAME))
: show mint id(|(on DEVICE-NAME))
: show mint stats(|(on DEVICE-NAME))
: show mint route(|(on DEVICE-NAME))
: show mint lsp
: show mint lsp-db (|details)(|(on DEVICE-NAME))
: show mint mlcp(|(on DEVICE-NAME))
[G]ap7131-4AA708>
5 - 10 WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1.5 no
Common Commands
Negates a command or sets its default. Though the no command is common to the User Exec, Priv Exec, and Global Config
modes, it negates a different set of commands in each mode.
Supported in the following platforms:
Access Points AP71XX
Syntax
no <PARAMETER>
Parameters
None
Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with the
command getting negated.
Examples
Global Config mode: No command options
[G]ap7131-4AA708(config)#no ?
aaa-policy Delete a aaa policy
aaa-tacacs-policy Delete a aaa tacacs policy
ap71xx Delete an AP71XX access point
association-acl-policy Delete an association-acl policy
auto-provisioning-policy Delete an auto-provisioning policy
captive-portal Delete a captive portal
customize Restore the custom cli commands to default
device Delete multiple devices
device-categorization Delete device categorization object
dhcp-server-policy DHCP server policy
dns-whitelist Delete a whitelist object
event-system-policy Delete a event system policy
firewall-policy Configure firewall policy
igmp-snoop-policy Remove device onboard igmp snoop policy
ip Internet Protocol (IP)
l2tpv3 Negate a command or set its defaults
mac MAC configuration
management-policy Delete a management policy
meshpoint Delete a meshpoint object
meshpoint-qos-policy Delete a mesh point QoS configuration policy
nac-list Delete an network access control list
profile Delete a profile and all its associated
configuration
radio-qos-policy Delete a radio QoS configuration policy
radius-group Local radius server group configuration
radius-server-policy Remove device onboard radius policy
radius-user-pool-policy Configure Radius User Pool
rf-domain Delete one or more RF-domains and all their
associated configurations
role-policy Role based firewall policy
routing-policy Policy Based Routing Configuratino
smart-rf-policy Delete a smart-rf-policy
wips-policy Delete a wips policy
wlan Delete a wlan object
wlan-qos-policy Delete a wireless lan QoS configuration policy

service Service Commands


[G]ap7131-4AA708(config)#
COMMON COMMANDS 5 - 11

Priv Exec mode: No command options

[G]ap7131-4AA708#no ?
adoption Reset adoption state of the device (& all devices adopted to
it)
captive-portal Captive portal commands
crypto Encryption related commands
logging Modify message logging facilities
page Toggle paging
service Service Commands
terminal Set terminal line parameters
upgrade Remove a patch
wireless Wireless Configuration/Statistics commands

[G]ap7131-4AA708#

user Exec mode: No command options


[G]ap7131-4AA708>no ?
adoption Reset adoption state of the device (& all devices adopted to
it)
captive-portal Captive portal commands
crypto Encryption related commands
logging Modify message logging facilities
page Toggle paging
service Service Commands
terminal Set terminal line parameters
wireless Wireless Configuration/Statistics commands

[G]ap7131-4AA708>
Related Commands

no User Exec Commands mode


no Priv Exec Commands mode
no Global Config Commands mode
5 - 12 WiNG 5.4 FIPS Access Point CLI Reference Guide

5.1.6 revert
Common Commands
Reverts changes made, in the current session, to their last saved configuration
Supported in the following platforms:
Access Points AP71XX
Syntax
revert
Parameters
None
Examples
[G]ap7131-4AA708>revert
[G]ap7131-4AA708>
COMMON COMMANDS 5 - 13

5.1.7 service
Common Commands
Service commands are used to view and manage wireless controller configurations in all modes. The service commands and
their corresponding parameters vary from mode to mode. The User Exec Mode and Priv Exec Mode commands provide same
functionalities with a few minor changes. The Global Config service command sets the size of history files. It also enables
viewing of CLI tree of the current mode.
Supported in the following platforms:
Access Points AP71XX
Syntax (User Exec Mode)
service [clear|cli-tables-skin|cluster|delete-offline-aps|enable|force-send-config|
load-balancing|locator|radio|radius|set|show|smart-rf|wireless]

service clear [ap-upgrade|captive-portal-page-upload|noc|reboot-history|unsanctioned|


upgrade-history|wireless]
service clear ap-ugrade history {on <DOMAIN-NAME>}
service clear [reboot-history|upgrade-history] {on <DEVICE-NAME>}
service clear noc statistics
service clear unsanctioned aps {on <DEVICE-OR-DOMAIN-NAME>}
service clear wireless [ap|client|radio|wlan]
service clear wireless [ap|client] statistics {<MAC>} {(on <DEVICE-OR-DOMAIN-NAME>)}
service clear wireless radio statistics {<MAC/HOSTNAME> {<1-3>}} {(on <DEVICE-OR-DOMAIN-
NAME>)}
service clear wireless wlan statistics {<WLAN-NAME>} {(on <DEVICE-OR-DOMAIN-NAME)}

service cli-tables-skin [ansi|hashes|minimal|none|percent|stars|thick|thin|utf-8]


{grid}

service cluster force [active|configured-state|standby]

service delete-offline-aps [all|offline-for]


service delete-offline-aps offline-for days <0-999> {time <TIME>}]

service force-send-config {on <DEVICE-OR-DOMAIN-NAME>}


service load-balancing clear-client-capability [<MAC>|all] {on <DEVICE-NAME>}

service locator {<1-60>} {(on <DEVICE-NAME>)}

service radio <1-3> dfs simulator-radar [extension|primary]

service radius test [<IP>|<HOSTNAME>] [<WORD>|<PORT>]


service radius test [<IP>|<HOSTNAME>] <WORD> <USERNAME> <PASSWORD> {wlan <WLAN-NAME>
ssid <SSID>} {(on <DEVICE-NAME>)}
service radius test [<IP>|<HOSTNAME>] <PORT> <1024-65535> <WORD> <USERNAME>
<PASSWORD> {wlan <WLAN> ssid <SSID>} {(on <DEVICE-NAME>)}

service set validation-mode [full|partial] {on <DEVICE-NAME>}

service show [captive-portal|cli||configuration-revision|


crash-info|dhcp-lease|diag|fib|info|mac-vendor|mem|mint|noc|pm|process|
reboot-history|rf-domain-manager|snmp|startup-log|sysinfo|top|upgrade-history|
watch-dog|wireless]

service show captive-portal [servers|user-cache] {on <DEVICE-NAME>}


service show [cli|configuration-revision|mac-vendor <OUI/MAC>|noc diag|
snmp session]
service show [|crash-info|info|mem|process|reboot-history|
startup-log|sysinfo|top|upgrade-history|watchdog] {on <DEVICE-NAME>}
service show dhcp-lease {<INTERFACE-NAME>|on|ppppoe1|vlan <1-4094>|wwan1}
{(on <DEVICE-NAME>)}
service show diag [led-status|stats] {on <DEVICE-NAME>}
service show fib {table-id <0-255>}
service show mint adopted-devices {on <DEVICE-NAME>}
service show pm {history} {(on <DEVICE-NAME>)}
5 - 14 WiNG 5.4 FIPS Access Point CLI Reference Guide

service show rf-domain-manager diag {<MAC/HOSTNAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}

service show wireless [aaa-stats|ap300|client|config-internal|credential-cache|


dns-cache|log-interval|meshpoint|neighbors|reference|stats-client|vlan-usage]
service show wireless [aaa-stats|credential-cache|dns-cache|vlan-usage] {on <DEVICE-
NAME>}
service show wireless [ap300 <MAC>|config-internal|log-interval|neighbors]
service show wireless [client|meshpoint neighbor] proc [info|stats] {<MAC>}
{{on <DEVICE-OR-DOMAIN-NAME>)}
service show wireless reference dot11 [frame|handshake|mcs-rates|reason-codes|
status-codes]
service show wireless reference dot11 handshake {wpa-wpa2-enterprise|wpa-wpa2-personal}
service show wireless stats-client diag {<MAC/HOSTNAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}

service smart-rf [clear-config|clear-history|interactive-calibration|


interactive-calibration-result|run-calibration|save-config|stop-calibration]
service smart-rf [clear-config|clear-history|interactive-calibration|
run-calibration|save-config|stop-calibration] {on <DOMAIN-NAME>}
service smart-rf interactive-calibration-result [discard|replace-current-config|
write-to-configuration] {on <DOMAIN-NAME>}
service wireless [client|dump-core-snapshot|meshpoint|qos|wips]

service wireless client [beacon-request|trigger-bss-transition]


service wireless client beacon-request <MAC> mode [active|passive|table]
ssid [<SSID>|any] channel-report [<CHANNEL-LIST>|none] {on <DEVICE-NAME>}
service wireless client trigger-bss-transition <MAC> url <URL> {on <DEVICE-OR-DOMAIN-
NAME>}
service wireless meshpoint zl <MESHPOINT-NAME> [on <DEVICE-NAME>] {<ARGS>}
service wireless qos delete-tspec <MAC> tid <0-7>
service wireless wips [clear-client-blacklist|clear-event-history|dump-managed-config]
service wireless wips clear-client-blacklist [all|mac <MAC>]
service wireless wips clear-event-history {on <DEVICE-OR-DOMAIN-NAME>}
Parameters (User Exec Mode)
service clear ap-upgrade history {on <DOMAIN-NAME>}

clear ap-upgrade history Clears AP firmware upgrade history


on <DOMAIN-NAME> Optional. Clears AP firmware upgrade history on a specified RF Domain
<DOMAIN-NAME> Specify the RF Domain name.

service clear [captive-portal-page-upload|reboot-history|upgrade-history] {on <DEVICE-


NAME>}

clear [captive-portal- Clears captive-portal-page-upload information, reboot history, or device upgrade history
page-upload|
reboot-history|
upgrade-history]
on <DEVICE-NAME> Optional. Clears history on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service clear noc statistics

clear noc statistics Clears Network Operations Center (NOC) applicable statistics counters
COMMON COMMANDS 5 - 15

service clear unsanctioned aps {on <DEVICE-OR-DOMAIN-NAME>}

clear unsanctioned aps Clears the unsanctioned APs list


on Optional. Clears unsanctioned APs list on a specified device or RF Domain
<DEVICE-OR-DOMAIN- <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or RF
NAME> Domain.

service clear wireless [ap|client] {<MAC>} {(on <DEVICE-OR-DOMAIN-NAME>)}

clear wireless [ap|client] Clears wireless statistics counters based on the parameters passed
statistics ap statistics Clears applicable AP statistics counters
client statistics Clears applicable wireless client statistics counters
<MAC> The following keywords are common to the ap and client parameters:
{on <DEVICE-OR- <MAC> Optional. Clears statistics counters for a specified AP or client. Specify the AP/client
DOMAIN-NAME>} MAC address.
on <DEVICE-OR-DOMAIN-NAME> Optional. Clears AP/client statistics counters on a
specified device or RF Domain. Specify the name of the AP, wireless controller, or RF Domain.

service clear wireless radio statistics {<MAC/HOSTNAME> {<1-3>}}


{(on <DEVICE-OR-DOMAIN-NAME>)}

clear wireless radio Clears applicable wireless radio statistics counters


statistics
<MAC/HOSTNAME> Optional. Specify the MAC address or hostname of the radio, or append the interface number to
<1-3> form the radio ID in the AA-BB-CC-DD-EE-FF:RX or HOSTNAME:RX format.
<1-3> Optional. Specify the radio interface index, if not specified as part of the radio ID.
on <DEVICE-OR- Optional. This is a recursive parameter, which clears wireless radio statistics on a specified
DOMAIN-NAME> device or RF Domain. Specify the name of the AP, wireless controller, or RF Domain.

service clear wireless wlan statistics {<WLAN-NAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}

clear wireless wlan Clears WLAN statistics counters


statistics
<WLAN-NAME> Optional. Clears statistics counters on a specified WLAN. Specify the WLAN name.
on <DEVICE-OR- Optional. This is a recursive parameter, which clears WLAN statistics on a specified device or
DOMAIN-NAME> RF Domain. Specify the name of the AP, wireless controller, or RF Domain.
5 - 16 WiNG 5.4 FIPS Access Point CLI Reference Guide

service cli-tables-skin [ansi|hashes|minimal|none|percent|stars|thick|thin|utf-8]


{grid}

cli-tables-skin Selects a formatting layout or skin for CLI tabular outputs


[ansi|hashes|minimal| ansi Uses ANSI characters for borders
none|percent|stars|thick|
hashes Uses hashes (#) for borders
thin|uf-8]
minimal Uses one horizontal line between title and data rows
none Displays space separated items with no decoration
percent Uses the percent sign (%) for borders
stars Uses asterisks (*) for borders
thick Uses thick lines for borders
thin Uses thin lines for borders
utf-8 Uses UTF-8 characters for borders
grid Optional. Uses a complete grid instead of just title lines
service cluster force [active|configured-state|standby]

cluster Enables cluster protocol management


force Forces action commands on a cluster (active, configured-state, and standby)
active Changes the cluster run status to active
configured-state Restores a cluster to the configured state
standby Changes the cluster run status to standby
service delete-offline-aps all

delete-offline-aps all Deletes all off-line access point

service delete-offline-aps offline-for days <0-999> {time <TIME>}

delete-offline-aps Deletes access points off-line for a specified time


day <0-999> Deletes access points off-line for a specified number of days
<0-999> Specify the number of off-line days from 0 - 999.
time <TIME> Optional. Deletes access points off-line for a specified time
<TIME> Specify the time in HH:MM:SS format.

service force-send-config {on <DEVICE-OR-DOMAIN-NAME>}

force-send-config Resends configuration to device(s)


on <DEVICE-OR- Optional. Resends configuration to a specified device or all devices in a specified RF Domain
DOMAIN-NAME> <DEVICE-OR-DOMAIN-NAME> Optional. Specify the name of the AP, wireless controller, or
RF Domain.
COMMON COMMANDS 5 - 17

service load-balancing clear-client-capability [<MAC>|all] {on <DEVICE-NAME>}

load-balancing Enables wireless load balancing by clearing client capability records


clear-client-capability Clears a specified client or all clients capability records
[<MAC>|all] <MAC> Clears capability records of a specified client. Specify the clients MAC address in
the AA-BB-CC-DD-EE-FF format.
all Clears capability records of all clients
on <DEVICE-NAME> Optional. Clears client capability records on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service locator {<1-60>} {(on <DEVICE-NAME>)}

locator Enables LEDs


<1-60> Sets LED flashing time from 1 - 60 seconds.
on <DEVICE-NAME> The following keyword is recursive and common to the <1-60> parameter:
on <DEVICE-NAME> Optional. Enables LEDs on a specified device
<DEVICE-NAME> Specify name of the AP or wireless controller.

service radio <1-3> dfs simulate-radar [extension|primary]

radio <1-3> Configures radios parameters


<1-3> Specify the radio index from 1 - 3.
dfs Enables Dynamic Frequency Selection (DFS)
simulate-radar Simulates the presence of a radar on a channel. Select the channel type from the following
[extension|primary] options:
extension Simulates a radar on the radios current extension channel
primary Simulates a radar on the radios current primary channel

service radius test [<IP>|<HOSTNAME>] <WORD> <USERNAME> <PASSWORD> {wlan <WLAN-NAME>


ssid <SSID>} {(on <DEVICE-NAME>)}

radius test Tests RADIUS server account


test Tests RADIUS server account with user parameters
[<IP>|<HOSTNAME>] Sets the RADIUS servers IP address or hostname
<IP> Specifies the RADIUS servers IP address
<HOSTNAME> Specifies the RADIUS servers hostname
<WORD> Specify the RADIUS servers shared secret.
<USERNAME> Specify username for authentication.
<PASSWORD> Specify the password.
wlan <WLAN-NAME> Optional. Tests the RADIUS server on the local WLAN. Specify the local WLAN name.
ssid <SSID> ssid <SSID> Specify the local RADIUS servers SSID.
5 - 18 WiNG 5.4 FIPS Access Point CLI Reference Guide

on <DEVICE-NAME> Optional. This is a recursive parameter also applicable to the WLAN parameter. Performs tests
on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service radius test [<IP>|<HOSTNAME>] <PORT> <1024-65535> <WORD> <USERNAME> <PASSWORD>


{wlan <WLAN-NAME> ssid <SSID>} {(on <DEVICE-NAME>)}

radius test Tests a RADIUS server account


test Tests the RADIUS server account with user parameters
[<IP>|<HOSTNAME>] Sets the IP address or hostname of the RADIUS server
<IP> Specify the RADIUS servers IP address.
<HOSTNAME> Specify the RADIUS servers hostname.
<PORT> Specify the RADIUS server port from 1024 - 65535. The default port is 1812.
<1024-65535>
<WORD> Specify the RADIUS servers shared secret.
<USERNAME> Specify username for authentication.
<PASSWORD> Specify the password.
wlan <WLAN-NAME> Optional. Tests the RADIUS server on the local WLAN. Specify the local WLAN name.
ssid <SSID> ssid <SSID> Specify the RADIUS servers SSID.
on <DEVICE-NAME> Optional. This is a recursive parameter also applicable to the WLAN parameter. Performs tests on
a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
service set validation-mode [full|partial] {on <DEVICE-NAME>}

set Sets the validation mode for running configuration validation


validation-mode Sets the validation mode
[full|partial] full Performs a full configuration validation
partial Performs a partial configuration validation
on <DEVICE-NAME> Optional. Performs full or partial configuration validation on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show captive-portal [servers|user-cache] {on <DEVICE-NAME>}

show Displays running system statistics based on the parameters passed


captive-portal Displays captive portal information
servers Displays server information for active captive portals
user-cache Displays cached user details for a captive portal
on <DEVICE-NAME> Optional. Displays server information or cached user details on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
COMMON COMMANDS 5 - 19

service show [cli|configuration-revision|mac-vendor <OUI/MAC>|noc diag|snmp session]

show Displays running system statistics based on the parameters passed


cli Displays CLI tree of the current mode
configuration-revision Displays current configuration revision number
mac-vendor Displays vendor name for a specified MAC address or Organizationally Unique Identifier (OUI)
<OUI/MAC> part of the MAC address
<OUI/MAC> Specify the MAC address or its OUI. The first six digits of the MAC address is
the OUI. Use the AABBCC or AA-BB-CC format to provide the OUI.
noc diag Displays NOC diagnostic details
snmp session Displays SNMP session details

service show [crash-info|info|mem|process|reboot-histroy|startup-log|sysinfo|top|


upgrade-history|watchdog] {on <DEVICE-NAME>}

show Displays running system statistics based on the parameters passed


crash-info Displays information about core, panic, and AP dump files
info Displays snapshot of available support information
mem Displays a systems current memory usage (displays the total memory and available memory)
process Displays active system process information (displays all processes currently running on the
system)
reboot-history Displays the devices reboot history
startup-log Displays the devices startup log
sysinfo Displays systems memory usage information
top Displays system resource information
upgrade-history Displays the devices upgrade history (displays details, such as date, time, and status of the
upgrade, old version, new version etc.)
watchdog Displays the devices watchdog status
on <DEVICE-NAME> The following keywords are common to all of the above:
on <DEVICE-NAME> Optional. Displays information for a specified device. If no device is
specified, the system displays information for logged device(s)
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show dhcp-lease {<INTERFACE-NAME>|on|ppppoe1|vlan <1-4094>|wwan1}


{(on <DEVICE-NAME>)}

show Displays running system statistics based on the parameters passed


dhcp-lease Displays DHCP lease information received from the server
<INTERFACE> Optional. Displays DHCP lease information for a specified router interface
<INTERFACE> Specify the router interface name.
5 - 20 WiNG 5.4 FIPS Access Point CLI Reference Guide

on Optional. Displays DHCP lease information for a specified device


ppppoe1 Optional. Displays DHCP lease information for a PPP over Ethernet interface
vlan <1-4094> Optional. Displays DHCP lease information for a VLAN
<1-4094> Specify a VLAN index from 1 - 4094.
wwan1 Optional. Displays DHCP lease information for a Wireless WAN interface
on <DEVICE-NAME> The following keywords are common to all of the above:
on <DEVICE-NAME> Optional. Displays DHCP lease information for a specified device. If no
device is specified, the system displays information for the logged device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show diag [led-status|stats] {(on <DEVICE-NAME>)}

show Displays running system statistics based on the parameters passed


diag Displays diagnostic statistics, such as LED status, fan speed, and sensor temperature
led-status Displays LED state variables and the current state
stats Displays fan speed and sensor temperature statistics
on <DEVICE-NAME> Optional. Displays diagnostic statistics for a specified device. If no device is specified, the system
displays information for the logged device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show fib {table-id <0-255>}

show Displays running system statistics based on the parameters passed


fib Displays entries in the Forwarding Information Base (FIB)
table-id <0-255> Optional. Displays FIB information maintained by the system based on the table ID
<0-255> Specify the table ID from 0 - 255.
service show mint adopted-devices {(on <DEVICE-NAME>)}

show Displays running system statistics based on the parameters passed


mint Displays MiNT protocol details
adopted-devices Displays adopted devices status in dpd2
on <DEVICE-NAME> Optional. Displays MiNT protocol details for a specified device. If no device is specified, the
system displays information for the logged device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.
service show pm {history} {(on <DEVICE-NAME>)}

show Displays running system statistics based on the parameters passed


pm Displays the Process Monitor (PM) controlled process details
COMMON COMMANDS 5 - 21

history Optional. Displays process change history (the time at which the change was implemented, and
the events that triggered the change)
on <DEVICE-NAME> Optional. Displays process change history for a specified device. If no device is specified, the
system displays information for the logged device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show rf-domain-manager diag {<MAC/HOSTNAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}

show Displays running system statistics based on the parameters passed


rf-domain-manager Displays RF Domain manager information
diag Displays RF Domain manager related diagnostics statistics
<MAC/HOSTNAME> Optional. Specify the MAC address or hostname of the RF Domain manager.
on <DEVICE-OR- Optional. Displays diagnostics statistics on a specified device or domain
DOMAIN-NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or RF Domain.

service show wireless [aaa-stats|credential-cache|dns-cache|vlan-usage]


{on <DEVICE-NAME>}

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
aaa-stats Displays AAA policy statistics
credential-cache Displays clients cached credentials statistics (VLAN, keys etc.)
dns-cache Displays cache of resolved names of servers related to wireless networking
vlan-usage Displays VLAN statistics across WLANs
on <DEVICE-NAME> The following keywords are common to all of the above:
on <DEVICE-NAME> Optional. Displays running system statistics on a specified device. If no
device is specified, the system displays information for the logged device.
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show wireless [ap300 <MAC>|config-internal|log-interval|neighbors]

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
ap300 <MAC> Displays WLAN AP300 statistics
<MAC> Specify the MAC address of the AP300.
config-internal Displays internal configuration parameters
log-interval Displays recent wireless debug logs (info and above severity)
neighbors Displays neighboring device statistics for roaming and flow migration
5 - 22 WiNG 5.4 FIPS Access Point CLI Reference Guide

service show wireless [client|meshpoint neighbor] proc [info|stats] {<MAC>}


{(on <DEVICE-OR-DOMAIN-NAME)}

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
client Displays WLAN client statistics
meshpoint neighbor Displays meshpoint related proc entries
proc The following keyword is common to client and meshpoint neighbor parameters:
proc Displays dataplane proc entries based on the parameter selected
Note: These proc entries provide statistics on each wireless client on the WLAN.
Note: For the meshpoint parameter, it displays proc entries about neighbors.
info This parameter is common to client and meshpoint neighbor parameters. Displays information of
a specified wireless client or neighbor
stats This parameter is common to client and meshpoint neighbor parameters. Displays information of
a specified wireless client or neighbor
<MAC> Displays information of a specified wireless client or neighbor
on <DEVICE-OR- This parameter is common to client and meshpoint neighbor parameters. Displays information of
DOMAIN-NAME> a specified wireless client or neighbor

service show wireless reference dot11 [frame|mcs-rates|reason-codes|status-codes]

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
reference Displays look up reference information related to standards, protocols etc.
dot11 Displays 802.11 standard related information, such as frame structure, MCS rates etc.
frame Displays 802.11 frame structure
mcs-rates Displays MCS rate information
reason-codes Displays 802.11 reason codes (for deauthentication, disassociation etc.)
status-codes Displays 802.11 status codes (for association response etc.
service show wireless reference dot11 handshake {wpa-wpa2-enterprise|
wpa-wpa2-personal}

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
reference Displays look up reference information related to standards, protocols etc.
dot11 Displays 802.11 standard related information, such as frame structure, MCS rates etc.
handshake Displays flow diagram of 802.11 handshakes
COMMON COMMANDS 5 - 23

wpa-wpa2-enterprise Optional. Displays WPA/WPA2 enterprise handshake (TKIP/CCMP with 802.1x authentication)
wpa-wpa2-personal Optional. Displays WPA/WPA2 personal handshake (TKIP/CCMP with pre-shared keys)

service show wireless stats-client diag {<MAC/HOSTNAME>} {(on <DEVICE-OR-DOMAIN-NAME)}

show Displays running system statistics based on the parameters passed


wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
stats-client Displays managed AP statistics
<MAC/HOSTNAME> Optional. Specify the MAC address or hostname of the AP.
on <DEVICE-OR- Optional. Displays statistics on a specified AP, or all APs on a specified domain.
DOMAIN-NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.

service smart-rf [clear-config|clear-history|interactive-calibration|


run-calibration|save-config|stop-calibration] {on <DOMAIN-NAME>}

smart-rf Enables Smart RF management


clear-config Clears WLAN Smart RF configuration on all devices
clear-history Clears WLAN Smart RF history on all devices
interactive-calibration Enables interactive Smart RF calibration
run-calibration Starts a new Smart RF calibration process
save-config Saves Smart RF configuration on all device, and also saves the history on the domain manager
stop-calibration Stops Smart RF configuration (currently in progress)
on <DOMAIN-NAME> Optional. Enables Smart RF management on a specified RF Domain
<DOMAIN-NAME> Specify the RF Domain name.

service smart-rf interactive-calibration-result [discard|replace-current-config|


write-to-configuration] {on <DOMAIN-NAME>}

smart-rf Enables Smart RF management


interactive-calibration- Displays interactive Smart RF calibration results
result
discard Discards interactive Smart RF calibration results
replace-current-config Replaces current radio configuration
write-to-configuration Writes and saves radio settings to configuration
on <DOMAIN-NAME> Optional. Displays interactive Smart RF calibration results on a specified RF Domain
<DOMAIN-NAME> Specify the RF Domain name.
5 - 24 WiNG 5.4 FIPS Access Point CLI Reference Guide

service wireless client beacon-request <MAC> mode [active|passive|table]


ssid [<SSID>|any] channel-report [<CHANNEL-LIST>|none] {on <DEVICE-NAME>}

wireless client beacon- Sends beacon measurement requests to a wireless client


requests
<MAC> Specify the MAC address of the wireless client.
mode Specifies the beacon measurements mode
[active|passive|table] Active Requests beacon measurements in the active mode
Passive Requests beacon measurements in the passive mode
Table Requests beacon measurements in the table mode
ssid [<SSID>|any] Specifies if the measurements have to be made for a specified SSID or for any SSID
<SSID> Requests beacon measurement for a specified SSID
any Requests beacon measurement for any SSID
channel-report Configures channel report in the request. The request can include a list of channels or can apply
[<CHANNEL-LIST>| to all channels
none] <CHANNEL-LIST> Request includes a list of channels. The client has to send beacon
measurements only for those channels included in the request
none Request applies to all channels
on <DEVICE-NAME> Optional. Sends requests on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service wireless client trigger-bss-transition <MAC> url <URL> {on <DEVICE-OR-DOMAIN-


NAME>}

wireless client trigger- Sends 80211v-Wireless Network Management BSS transition request to a client
bss-transition
<MAC> Specifies wireless clients MAC address
url <URL> Specifies session termination URL
on <DEVICE-OR- Optional. Sends request on a specified device
DOMAIN-NAME> <DEVICE-OR_DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.

service wireless meshpoint zl <MESHPOINT-NAME> [on <DEVICE-NAME>] {<ARGS>}

service wireless Runs zonal level commands for a meshpoint


meshpoint
zl Runs zonal commands
<MESHPOINT-NAME> Runs zonal commands for the <MESHPOINT-NAME> meshpoint
on <DEVICE-NAME> Runs zonal commands for a specified meshpoint on a specified AP or wireless controller
<ARGS> Optional. Specifies the zonal arguments
COMMON COMMANDS 5 - 25

service wireless qos delete-tspec <MAC> tid <0-7>

wireless qos Sends a delete TSPEC request to a wireless client


delete-tspec
<MAC> Specify the MAC address of the wireless client.
tid <0-7> Deletes the Traffic Identifier (TID)
<0-7> Select the TID from 0 - 7.
service wireless wips clear-client-blacklist [all|mac <MAC>]

wireless wips Enables management of WIPS parameters


clear-client-blacklist Removes a specified client or all clients from the blacklist
[all|mac <MAC>] all Removes all clients from the blacklist
mac <MAC> Removes a specified client form the blacklist
<MAC> Specify the MAC address of the wireless client.

service wireless wips clear-event-history {on <DEVICE-OR-DOMAIN-NAME}

wireless wips Enables WIPS management


clear-event-history Clears event history
on <DEVICE-OR- Optional. Clears event history on a device or RF Domain
DOMAIN-NAME> <DEVICE-OR-DOMAIN-NAME> Specify the name of the AP, wireless controller, or
RF Domain.
Syntax (Privilege Exec Mode)

NOTE: The service command of the Priv Exec Mode is the same as the service
command in the User Exec Mode. There a few modifications that have been documented
in this section. For the syntax and parameters of the other commands refer to the
(User Exec Mode) syntax and (User Exec Mode) parameters sections of this chapter.

service [clear|cli-tables-skin|cluster|
delete|delete-offline-aps|force-send-config|load-balancing|locator|mint|
pm|radio|radius|set|show|signal|smart-rf|wireless]

service clear crash-info {on <DEVICE-NAME>}

service delete sessions <SESSION-COOKIES>

service mint [clear|debug-log|expire|flood]


service mint [clear [lsp-db|mlcp]|debug-log [flash-and-syslog|flash-only]|
expire [lsp|spf]|flood [csnp|lsp]]

service pm stop {on <DEVICE-NAME>}

service show last-passwd]

service signal [abort <PROCESS-NAME>|kill <PROCESS-NAME>]


5 - 26 WiNG 5.4 FIPS Access Point CLI Reference Guide

Parameters (Privilege Exec Mode)


service clear crash-info {on <DEVICE-NAME>}

clear crash-info Clears all crash files


on <DEVICE-NAME> Optional. Clears crash files on a specified device. These crash files are core, panic, and AP dump
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service delete sessions <SESSION-COOKIES>

delete sessions Deletes session cookies


<SESSION-COOKIES> <SESSION-COOKIES> Provide a list of cookies to delete.
service mint [clear [lsp-dp|mlcp]|debug-log [flash-and-syslog|flash-only]|
expire [lsp|spf]|flood [csnp|lsp]]

mint Enables MiNT protocol management (clears LSP database, enables debug logging, enables
running silence etc.)
clear [lsp-dp|mlcp] Clears LSP database and MiNT Link Control Protocol (MLCP) links
lsp-dp Clears MiNT Label Switched Path (LSP) database
mlcp Clears MLCP links
debug-log Enables debug message logging
[flash-and-syslog| flash-and-syslog Logs debug messages to the flash and syslog files
flash-only]
flash-only Logs debug messages to the flash file only
expire [lsp|spf] Forces expiration of LSP and recalculation of Shortest Path First (SPF)
lsp Forces expiration of LSP
spf Forces recalculation of SPF
flood [csnp|lsp] Floods control packets
csnp Floods our Complete Sequence Number Packets (CSNP)
lsp Floods our LSP

service pm stop {on <DEVICE-NAME>}

pm Stops the Process Monitor (PM)


stops Stops the PM from monitoring all daemons
on <DEVICE-NAME> Optional. Stops the PM on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.

service show last-passwd

show Displays running system statistics based on the parameters passed


last-passwd Displays the last password used to enter shell
COMMON COMMANDS 5 - 27

service signal [abort <PROCESS-NAME>|kill <PROCESS-NAME>]

signal Sends a signal to a process


tech-support Copies extensive system information useful for troubleshooting
abort Sends an abort signal to a process, and forces it to dump to core
<PROCESS-NAME> Specify the process name.
kill Sends a kill signal to a process, and forces it to terminate without a core
<PROCESS-NAME> Specify the process name.
Syntax (Global Config Mode)
service [set|show cli]
service set [command-history <10-300>|upgrade-history <10-100>|
reboot-history <10-100> {on <DEVICE-NAME>}
Parameters (Global Config Mode)
service set [command-history <10-300>|upgrade-history <10-100>|reboot-history <10-
100>] {on <DEVICE-NAME>}

set Sets the size of history files


command-history Sets the size of the command history file
<10-300> <10-300> Specify a value from 10 - 300. The default is 200.
upgrade-history Sets the size of the upgrade history file
<10-100> <10-100> Specify a value from 10 - 100. The default is 50.
reboot-history Sets the size of the reboot history file
<10-100> <10-100> Specify a value from 10 - 100. The default is 50.
on <DEVICE-NAME> Optional. Sets the size of history files on a specified device
<DEVICE-NAME> Specify the name of the AP or wireless controller.
service show cli

show cli Displays running system configuration details


cli Displays the CLI tree of the current mode
Examples
[G]ap7131-4AA708>service cli-tables-skin stars

[G]ap7131-4AA708>service show cli


User Exec mode: +-do
+-help [help]
+-show
+-configuration-tree [help show configuration-tree]
+-search
+-WORD [help search WORD (|detailed|only-show|skip-show)]
+-detailed [help search WORD (|detailed|only-show|skip-show)]
+-only-show [help search WORD (|detailed|only-show|skip-show)]
+-skip-show [help search WORD (|detailed|only-show|skip-show)]
+-show
+-commands [show commands]
+-running-config [show (running-config|session-config) (|include-factory)]
+-include-factory [show (running-config|session-config) (|include-factory)]
+-interface [show running-config interface (|`WORD|ge <1-2>|wwan1|pppoe1|vlan <1-
4094>') (|include-factory)]
5 - 28 WiNG 5.4 FIPS Access Point CLI Reference Guide

+-WORD [show running-config interface (|`WORD|ge <1-2>|wwan1|pppoe1|vlan <1-4094>')


(|include-factory)]
+-include-factory [show running-config interface (|`WORD|ge <1-
2>|wwan1|pppoe1|vlan <1-4094>') (|include-factory)]
+-ge
+-<1-2> [show running-config interface (|`WORD|ge <1-2>|wwan1|pppoe1|vlan <1-
4094>') (|include-factory)]
--More--
]
.................................................................
[G]ap7131-4AA708>

[G]ap7131-4AA708#service signal kill testp


Sending a kill signal to testp
[G]ap7131-4AA708#

[G]ap7131-4AA708#service signal abort testprocess


Sending an abort signal to testprocess
[G]ap7131-4AA708#
[G]ap7131-4AA708#service pm stop on ap7131-4AA708
[G]ap7131-4AA708#

[G]ap7131-4AA708(config)#service show cli


Global Config mode:
+-help [help]
+-search
+-WORD [help search WORD (|detailed|only-show|skip-show)]
+-detailed [help search WORD (|detailed|only-show|skip-show)]
+-only-show [help search WORD (|detailed|only-show|skip-show)]
+-skip-show [help search WORD (|detailed|only-show|skip-show)]
+-show
+-commands [show commands]
+-eval
+-LINE [show eval LINE]
+ +-on
..............................................................
[G]ap7131-4AA708(config)#
COMMON COMMANDS 5 - 29

[G]ap7131-4AA708>service show diag stats on ap7131-4AA708

fan 1 current speed: 6660 min_speed: 2000 hysteresis: 250


fan 2 current speed: 6720 min_speed: 2000 hysteresis: 250
fan 3 current speed: 6540 min_speed: 2000 hysteresis: 250

Sensor 1 Temperature 32.0 C


Sensor 2 Temperature 58.0 C
Sensor 3 Temperature 29.0 C
Sensor 4 Temperature 28.0 C
Sensor 5 Temperature 26.0 C
Sensor 6 Temperature 28.0 C

[G]ap7131-4AA708>service show info on ap7131-4AA708


7.7M out of 8.0M available for logs.
9.4M out of 10.0M available for history.
19.2M out of 20.0M available for crashinfo.
List of Files:

cfgd.log 5.7K Jul 28 17:17


fmgr.log 221 Jul 27 12:40
messages.log 1.0K Jul 27 12:41
startup.log 52.3K Jul 27 12:40
command.history 903 Jul 28 16:39
reboot.history 1.6K Jul 27 12:40
ugrade.history 698 Jul 27 12:39

Please export these files or delete them for more space.

[G]ap7131-4AA708>
[G]ap7131-4AA708>service show upgrade-history on ap7131-4AA708
Configured size of upgrade history is 50

Date & Time Old Version New Version Status


=====================================================================
Jun 07 07:25:49 2012 5.4.0.0-015D 5.4.0.0-019D Successful
May 28 09:25:26 2012 5.4.0.0-011D 5.4.0.0-015D Successful
May 15 11:18:32 2012 5.4.0.0-010D 5.4.0.0-011D Successful
May 15 11:16:33 2012 5.4.0.0-010D 5.4.0.0-010D Unable to get update file. ftpget:
unexpected server response to RETR: 550 Latestbuilds/RFS7000.img: The system cannot find
the file specified.
May 09 14:40:22 2012 5.4.0.0-149320X 5.4.0.0-010D Successful
Apr 27 17:04:40 2012 5.4.0.0-147995X 5.4.0.0-149320X Successful
Apr 17 16:01:37 2012 5.4.0.0-146545X 5.4.0.0-147995X Successful
Apr 05 10:06:35 2012 5.4.0.0-144745X 5.4.0.0-146545X Successful
Mar 28 15:18:48 2012 5.4.0.0-144745X 5.4.0.0-145763X Successful
Mar 19 13:45:32 2012 5.4.0.0-144571X 5.4.0.0-144745X Successful
Mar 19 11:16:31 2012 5.4.0.0-005D 5.4.0.0-144571X Successful
Mar 19 11:15:57 2012 Package SigningCerts 0.0 Successful
--More--
[G]ap7131-4AA708>
5 - 30 WiNG 5.4 FIPS Access Point CLI Reference Guide

[G]ap7131-4AA708>service show xpath-history


---------------------------------------------------------------------------------------
------------------------------------------------
DATE&TIME USER XPATH
DURATION(MS)
---------------------------------------------------------------------------------------
------------------------------------------------
Thu May 10 08:59:42 2012 system /wing-stats/device/00-15-70-37-FA-BE/upgrade-history
10
Thu May 10 08:59:05 2012 system /wing-stats/device/00-15-70-37-FA-BE/service-info
139
Thu May 10 08:58:26 2012 system /wing-stats/device/00-15-70-37-FA-BE/diag/temp
23
Thu May 10 08:58:26 2012 system /wing-stats/device/00-15-70-37-FA-BE/diag/fan
41
Thu May 10 08:57:01 2012 system /wing-stats/device/00-15-70-37-FA-BE/command-history
19
Thu May 10 08:09:12 2012 system /wing-stats/device/00-15-70-37-FA-BE/system
135
Thu May 10 07:38:23 2012 system /wing-stats/device/00-15-70-37-FA-BE/_actions/clear-
advanced-wips-event-history 7
Wed May 9 14:52:10 2012 system /wing-stats/device/00-15-70-37-FA-BE/system
150
---------------------------------------------------------------------------------------
[G]ap7131-4AA708>

[G]ap7131-4AA708>service show wireless config-internal


! Startup-Config-Playback Completed: Yes
no country-code
!
wlan-qos-policy default
no rate-limit wlan to-air
no rate-limit wlan from-air
no rate-limit client to-air
no rate-limit client from-air
!
wlan wlan1
ssid wlan1
vlan 1
qos-policy default
encryption-type none
authentication-type none
no accounting radius
no accounting syslog
[G]ap7131-4AA708>

System Information:

Free RAM: 68.0% (169 of 249) Min: 10.0%


File Descriptors: free: 24198 used: 960 max: 25500
CPU load averages: 1 min: 0.0% 5 min: 0.0% 15 min: 0.0%

Kernel Buffers:
Size: 32 64 128 256 512 1k 2k 4k 8k 16k 32k 64k 128k
Usage: 2761 2965 927 201 549 107 141 25 68 0 1 2 0
Limit: 32768 8192 4096 4096 8192 8192 16384 16384 1024 512 256 64 64
[G]ap7131-4AA708#
COMMON COMMANDS 5 - 31

5.1.8 show
Common Commands
Displays specified system component settings. There are a number of ways to invoke the show command:
When invoked without any arguments, it displays information about the current context. If the current context contains
instances, the show command (usually) displays a list of these instances.
When invoked with the display parameter, it displays information about that component.
Supported in the following platforms:
Access Points AP71XX
Syntax
show <PARAMETER>
Parameters
None
Examples
[G]ap7131-139B34#show ?
adoption Display information related to adoption to
wireless controller
ap-upgrade AP Upgrade
boot Display boot configuration.
captive-portal Captive portal commands
captive-portal-page-upload Captive portal advanced page upload
cdp Cisco Discovery Protocol
clock Display system clock
cluster Cluster Protocol
commands Show command lists
context Information about current context
critical-resources Critical Resources
crypto Encryption related commands
event-history Display event histor
event-system-policy Display event system policy
file Display filesystem information
fips-license FIPS license management command
firewall Wireless Firewall
interface Interface Configuration/Statistics commands
ip Internet Protocol (IP)
ip-access-list-stats IP Access list stats
l2tpv3 L2TPv3 information
licenses Show installed licenses and usage
lldp Link Layer Discovery Protocol
logging Show logging information
mac-access-list-stats MAC Access list stats
mac-address-table Display MAC address table
mint MiNT protocol
noc Noc-level information
ntp Network time protocol
password-encryption Pasword encryption
pppoe-client PPP Over Ethernet client
privilege Show current privilege level
reload Scheduled reload information
rf-domain-manager Show RF Domain Manager selection details
role Role based firewall
route-maps Display Route Map Statistics
rtls RTLS Statistics
running-config Current operating configuration
session-changes Configuration changes made in this session
session-config This session configuration
sessions Display CLI sessions
smart-rf Smart-RF Management Commands
spanning-tree Display spanning tree information
startup-config Startup configuration
terminal Display terminal configuration parameters
5 - 32 WiNG 5.4 FIPS Access Point CLI Reference Guide

timezone The timezone


upgrade-status Display last image upgrade status
version Display software & hardware version
vrrp VRRP protocol
what Perform global search
wireless Wireless commands
wwan Display wireless WAN Status

[G]ap7131-4AA708#

NOTE: For more information on the show command, see Chapter 6, SHOW
COMMANDS.
COMMON COMMANDS 5 - 33

5.1.9 write
Common Commands
Writes the system running configuration to memory or terminal
Supported in the following platforms:
Access Points AP71XX
Syntax
write [memory|terminal]
Parameters
write [memory|terminal]

memory Writes to the non-volatile (NV) memory


terminal Writes to terminal
Examples
[G]ap7131-4AA708>write memory
[OK]
[G]ap7131-4AA708>
5 - 34 WiNG 5.4 FIPS Access Point CLI Reference Guide
CHAPTER 6
SHOW COMMANDS
Show commands display information about a configuration setting or display statistical information. Use this command to see
the current running configuration as well as the start-up configuration. The show command also displays the configuration of
the current context.
This chapter describes the show CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. Commands
entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not
specified, the referenced command can be entered in either mode.
This chapter also describes the show commands in the GLOBAL CONFIG mode. The commands can be entered in all three
modes, except commands like file, IP access list statistics, MAC access list statistics, and upgrade statistics, which cannot be
entered in the User Executable Mode.
6-2 WiNG 5.4 FIPS Access Point CLI Reference Guide

6.1 show commands


Table 6.1 summarizes show commands.
Table 6.1 Show Commands

Command Description Reference


show Displays settings for the specified system component page 6-4
adoption Displays information related to wireless controller adoption page 6-8
ap-upgrade Displays access point software image upgrade information page 6-10